Some simple size check. We would not overflow but would send garbage

Check the size
author: Holger Freyther <zecke@selfish.org> 2009-01-04 20:15:12 +0000
committer: Holger Freyther <zecke@selfish.org> 2009-01-04 20:15:12 +0000
commit: 5e76ce61ace28a99f402c3d73fd74d855c6ec40d (patch)
tree: de28c889a914d7c8c95362929a4b46f05b4a3a4e /src/telnet_interface.c
parent: ca64da984b40014250e38320401793f06c350e4c (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/src/telnet_interface.c b/src/telnet_interface.c
index ddbbc5849..a25c9bb43 100644
--- a/src/telnet_interface.c
+++ b/src/telnet_interface.c
@@ -204,12 +204,19 @@ void telnet_send_gsm_48(struct telnet_connection *connection) {
 	static const char* error[] = {
 		"48: IMSI not found\n",
 		"48: No channel allocated for IMSI\n" };
+	int ret;
 	struct gsm_bts *bts = &connection->network->bts[connection->bts];
 	struct gsm_lchan *lchan = find_channel(bts, connection->imsi, error, connection->fd.fd);
 
 	if (!lchan)
 		return;
 
+	if (connection->read < 2) {
+		static const char *msg = "48: Need at least two bytes";
+		ret = write(connection->fd.fd, msg, strlen(msg));
+		return;
+	}
+
 	struct msgb *msg = gsm48_msgb_alloc();
 	struct gsm48_hdr *gh;
 	int i;
author	Holger Freyther <zecke@selfish.org>	2009-01-04 20:15:12 +0000
committer	Holger Freyther <zecke@selfish.org>	2009-01-04 20:15:12 +0000
commit	5e76ce61ace28a99f402c3d73fd74d855c6ec40d (patch)
tree	de28c889a914d7c8c95362929a4b46f05b4a3a4e /src/telnet_interface.c
parent	ca64da984b40014250e38320401793f06c350e4c (diff)