From c2c0ea700bc5100645372c94d765ddb2b6f99285 Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther Date: Tue, 10 Jan 2012 22:27:43 +0100 Subject: nat: Compare the DTAP L3 size with the size of the msgb - dtap header --- openbsc/src/osmo-bsc_nat/bsc_nat_utils.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c b/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c index bf1417d94..93fb5b564 100644 --- a/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c +++ b/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c @@ -635,8 +635,10 @@ struct gsm48_hdr *bsc_unpack_dtap(struct bsc_nat_parsed *parsed, return NULL; } - if (*len < sizeof(struct gsm48_hdr)) { - LOGP(DNAT, LOGL_ERROR, "GSM48 header does not fit.\n"); + if (msgb_l3len(msg) - 3 < msg->l3h[2]) { + LOGP(DNAT, LOGL_ERROR, + "GSM48 payload does not fit: %d %d\n", + msg->l3h[2], msgb_l3len(msg) - 3); return NULL; } -- cgit v1.2.3