diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/libmsc/gsm_04_11.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/libmsc/gsm_04_11.c b/src/libmsc/gsm_04_11.c index 261e5cd64..eede74c23 100644 --- a/src/libmsc/gsm_04_11.c +++ b/src/libmsc/gsm_04_11.c @@ -215,9 +215,9 @@ static int gsm340_gen_sms_deliver_tpdu(struct msgb *msg, struct gsm_sms *sms) { uint8_t *smsp; uint8_t oa[12]; /* max len per 03.40 */ - uint8_t oa_len = 0; uint8_t octet_len; unsigned int old_msg_len = msg->len; + int oa_len; /* generate first octet with masked bits */ smsp = msgb_put(msg, 1); @@ -235,6 +235,9 @@ static int gsm340_gen_sms_deliver_tpdu(struct msgb *msg, struct gsm_sms *sms) /* generate originator address */ oa_len = gsm340_gen_oa_sub(oa, sizeof(oa), &sms->src); + if (oa_len < 0) + return -ENOSPC; + smsp = msgb_put(msg, oa_len); memcpy(smsp, oa, oa_len); @@ -284,9 +287,9 @@ static int gsm340_gen_sms_status_report_tpdu(struct msgb *msg, struct gsm_sms *sms) { unsigned int old_msg_len = msg->len; - uint8_t oa_len = 0; uint8_t oa[12]; /* max len per 03.40 */ uint8_t *smsp; + int oa_len; /* generate first octet with masked bits */ smsp = msgb_put(msg, 1); @@ -298,8 +301,12 @@ static int gsm340_gen_sms_status_report_tpdu(struct msgb *msg, /* TP-MR (message reference) */ smsp = msgb_put(msg, 1); *smsp = sms->msg_ref; + /* generate recipient address */ oa_len = gsm340_gen_oa_sub(oa, sizeof(oa), &sms->dst); + if (oa_len < 0) + return -ENOSPC; + smsp = msgb_put(msg, oa_len); memcpy(smsp, oa, oa_len); |