diff options
author | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2015-02-08 09:53:44 +0100 |
---|---|---|
committer | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2015-02-08 09:56:31 +0100 |
commit | a0735ecab558ea1759a8262eff62865bbed01051 (patch) | |
tree | cc3c1db68c861db846fc747201358dbb939a4ecf /openbsc/src/libbsc | |
parent | 60e073e28d5e52f8eb4feaa422abc71b8b9f831b (diff) |
smpp: Fix potential crash in handling submitSM
In case:
* No message_payload and a 0 sm_length was used
* esm_class indicates UDH being present
* 7bit encoding was requested
The code would execute:
ud_len = *sms_msg + 1;
Which is a NULL pointer dereference and would lead
to a crash of the NITB. Enforce the limits of the
sm_length parameter and reject the messae otherwise.
Fixes: Coverity CID 1042373
Diffstat (limited to 'openbsc/src/libbsc')
0 files changed, 0 insertions, 0 deletions