From 4446b3bf3439678beab10b067919e121a6499835 Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther Date: Thu, 10 Feb 2011 11:41:49 +0100 Subject: nat: Add extra size check for the number and fail if it does not fit If the replaced number is too long for the phone number we will have to stop processing here. --- openbsc/src/nat/bsc_nat_utils.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'openbsc/src') diff --git a/openbsc/src/nat/bsc_nat_utils.c b/openbsc/src/nat/bsc_nat_utils.c index aba082d4d..b43d67a83 100644 --- a/openbsc/src/nat/bsc_nat_utils.c +++ b/openbsc/src/nat/bsc_nat_utils.c @@ -819,6 +819,12 @@ struct msgb *bsc_nat_rewrite_setup(struct bsc_nat *nat, struct msgb *msg, struct return msg; } + if (strlen(new_number) > sizeof(called.number)) { + LOGP(DNAT, LOGL_ERROR, "Number is too long for structure.\n"); + talloc_free(new_number); + return msg; + } + /* * Need to create a new message now based on the old onew * with a new number. We can sadly not patch this in place -- cgit v1.2.3