nat: Add size check for the payload

The msgb will always have these bytes but it is better practice to verify that the message really has space for the two bytes.
author: Holger Hans Peter Freyther <holger@moiji-mobile.com> 2015-06-08 18:31:02 +0200
committer: Holger Hans Peter Freyther <holger@moiji-mobile.com> 2015-07-01 08:16:40 +0200
commit: 2dd18bdd87a130a3536b12af874e331d93593e9b (patch)
tree: d14c6471e0f97ddcc5affe83e3f8656618add57d /openbsc
parent: 57ee78078905c7499bd4e6857f8981d22badfcac (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c
index 4357485ff..537001ed5 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c
@@ -1185,7 +1185,7 @@ exit:
 		send_reset_ack(bsc);
 	} else if (parsed->ipa_proto == IPAC_PROTO_IPACCESS) {
 		/* do we know who is handling this? */
-		if (msg->l2h[0] == IPAC_MSGT_ID_RESP) {
+		if (msg->l2h[0] == IPAC_MSGT_ID_RESP && msgb_l2len(msg) > 2) {
 			struct tlv_parsed tvp;
 			int ret;
 			ret = ipa_ccm_idtag_parse(&tvp,
author	Holger Hans Peter Freyther <holger@moiji-mobile.com>	2015-06-08 18:31:02 +0200
committer	Holger Hans Peter Freyther <holger@moiji-mobile.com>	2015-07-01 08:16:40 +0200
commit	2dd18bdd87a130a3536b12af874e331d93593e9b (patch)
tree	d14c6471e0f97ddcc5affe83e3f8656618add57d /openbsc
parent	57ee78078905c7499bd4e6857f8981d22badfcac (diff)