Diffstat (limited to 'openbsc/src/gsm_04_08_utils.c')
-rw-r--r-- | openbsc/src/gsm_04_08_utils.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/openbsc/src/gsm_04_08_utils.c b/openbsc/src/gsm_04_08_utils.c
index e51faba82..be26aa36c 100644
--- a/openbsc/src/gsm_04_08_utils.c
+++ b/openbsc/src/gsm_04_08_utils.c
@@ -285,13 +285,20 @@ int send_siemens_mrpci(struct gsm_lchan *lchan,
 return rsl_siemens_mrpci(lchan, &mrpci);
 }
-int gsm48_paging_extract_mi(struct msgb *msg, char *mi_string, u_int8_t *mi_type)
+int gsm48_paging_extract_mi(struct gsm48_pag_resp *resp, int length,
+ char *mi_string, u_int8_t *mi_type)
 {
- struct gsm48_hdr *gh = msgb_l3(msg);
- u_int8_t *classmark2_lv = gh->data + 1;
- u_int8_t *mi_lv = gh->data + 2 + *classmark2_lv;
- *mi_type = mi_lv[1] & GSM_MI_TYPE_MASK;
+ u_int8_t *classmark2_lv = (uint8_t *) &resp->classmark2;
+ /* Check the size for the classmark */
+ if (length < 2 + *classmark2_lv)
+ return -1;
+
+ u_int8_t *mi_lv = classmark2_lv + *classmark2_lv + 1;
+ if (length < 3 + *classmark2_lv + mi_lv[0])
+ return -2;
+
+ *mi_type = mi_lv[1] & GSM_MI_TYPE_MASK;
 return gsm48_mi_to_string(mi_string, GSM48_MI_SIZE, mi_lv+1, *mi_lv);
 }
|
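Review bot: Both new length checks read the byte they are meant to guard before proving it lies inside `length`: the first test dereferences `*classmark2_lv` with no prior minimum on `length`, and the second reads `mi_lv[0]` when the first test has only established `2 + *classmark2_lv` bytes (offsets as implied by the checks themselves; the `gsm48_pag_resp` layout and what `length` counts are not visible here). A zero `mi_lv[0]` also passes the second test, after which `mi_lv[1]` is read one byte past what was validated. As the paging response presumably carries bytes supplied by the mobile station, I would order the conditions so every read is covered, e.g. `if (length < 2 || length < 2 + *classmark2_lv) return -1;` and `if (length < 3 + *classmark2_lv || mi_lv[0] == 0 || length < 3 + *classmark2_lv + mi_lv[0]) return -2;`. The new -1/-2 results also deserve a short comment above the function, since callers cannot otherwise tell them apart from whatever `gsm48_mi_to_string` returns.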