From 2faeb1ac6cc054737b153b08be1de3846256a820 Mon Sep 17 00:00:00 2001
From: Alexander Couzens <lynxis@fe80.eu>
Date: Mon, 13 Mar 2017 11:00:59 +0100
Subject: abis_rsl: fix off-by-one length check when parsing ericson tlli field

Change-Id: I658f6d82a67944345ddda5534fa996dca9e990ab
---
 openbsc/src/libbsc/abis_rsl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/openbsc/src/libbsc/abis_rsl.c b/openbsc/src/libbsc/abis_rsl.c
index d750df449..85c92cd77 100644
--- a/openbsc/src/libbsc/abis_rsl.c
+++ b/openbsc/src/libbsc/abis_rsl.c
@@ -2018,7 +2018,7 @@ static int abis_rsl_rx_cchan(struct msgb *msg)
 		/* FIXME: Replace the messy message parsing below
 		 * with proper TV parser */
 		LOGP(DRSL, LOGL_INFO, "IMM.ass sent\n");
-		if(msg->len < 8)
+		if(msg->len < 9)
 			LOGP(DRSL, LOGL_ERROR, "short IMM.ass sent message!\n");
 		else if(msg->data[4] != 0xf1)
 			LOGP(DRSL, LOGL_ERROR, "unsupported IMM.ass message format! (please fix)\n");
-- 
cgit v1.2.3