diff options
| author | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2015-06-08 18:31:02 +0200 |
|---|---|---|
| committer | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2015-07-01 08:16:40 +0200 |
| commit | 2dd18bdd87a130a3536b12af874e331d93593e9b (patch) | |
| tree | d14c6471e0f97ddcc5affe83e3f8656618add57d | |
| parent | 57ee78078905c7499bd4e6857f8981d22badfcac (diff) | |
nat: Add size check for the payload
The msgb will always have these bytes but it is better practice
to verify that the message really has space for the two bytes.
| -rw-r--r-- | openbsc/src/osmo-bsc_nat/bsc_nat.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c index 4357485ff..537001ed5 100644 --- a/openbsc/src/osmo-bsc_nat/bsc_nat.c +++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c @@ -1185,7 +1185,7 @@ exit: send_reset_ack(bsc); } else if (parsed->ipa_proto == IPAC_PROTO_IPACCESS) { /* do we know who is handling this? */ - if (msg->l2h[0] == IPAC_MSGT_ID_RESP) { + if (msg->l2h[0] == IPAC_MSGT_ID_RESP && msgb_l2len(msg) > 2) { struct tlv_parsed tvp; int ret; ret = ipa_ccm_idtag_parse(&tvp, |