diff options
| author | Harald Welte <laforge@gnumonks.org> | 2018-02-28 18:13:10 +0100 |
|---|---|---|
| committer | Harald Welte <laforge@gnumonks.org> | 2018-02-28 19:08:55 +0100 |
| commit | 70a0ee56f7027d2e5738f30d62669afe1d7255a0 (patch) | |
| tree | 58f698a7301396baf85087fa4a1abfaf68b49f6a | |
| parent | e1ff92b8ddcab3dd8d39760b2b3860b989dc0606 (diff) | |
pcu_sock: Discard messages that are too short
The downstream code of pcu_sock.c doesn't contain any length checks,
so let's discard any messages that are shorter than the primitive
length.
Change-Id: I35ac84d4db6d21ea61afbd1864c810bbf601d69b
| -rw-r--r-- | src/common/pcu_sock.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/common/pcu_sock.c b/src/common/pcu_sock.c index fa13f242..b810174f 100644 --- a/src/common/pcu_sock.c +++ b/src/common/pcu_sock.c @@ -749,6 +749,12 @@ static int pcu_sock_read(struct osmo_fd *bfd) goto close; } + if (rc < sizeof(*pcu_prim)) { + LOGP(DPCU, LOGL_ERROR, "Received %d bytes on PCU Socket, but primitive size " + "is %lu, discarding\n", rc, sizeof(*pcu_prim)); + return 0; + } + rc = pcu_rx(state->net, pcu_prim->msg_type, pcu_prim); /* as we always synchronously process the message in pcu_rx() and |