From 75559284d08654eff7f5d18eacb5c039af33f824 Mon Sep 17 00:00:00 2001
From: Pau Espin Pedrol <pespin@sysmocom.de>
Date: Wed, 14 Feb 2018 14:12:24 +0100
Subject: libmsc: bssap: Catch TLV parse failures

Change-Id: I1d1951f4a5daf200e85c76fea14a35e952491d27
---
 src/libmsc/a_iface_bssap.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/libmsc')

diff --git a/src/libmsc/a_iface_bssap.c b/src/libmsc/a_iface_bssap.c
index 1adbe6963..2947d85e1 100644
--- a/src/libmsc/a_iface_bssap.c
+++ b/src/libmsc/a_iface_bssap.c
@@ -522,13 +522,19 @@ static int rx_bssmap(struct osmo_sccp_user *scu, const struct a_conn_info *a_con
 {
 	struct gsm_subscriber_connection *conn;
 	struct tlv_parsed tp;
+	int rc;
 
 	if (msgb_l3len(msg) < 1) {
 		LOGP(DBSSAP, LOGL_NOTICE, "Error: No data received -- discarding message!\n");
 		return -1;
 	}
 
-	tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l3h + 1, msgb_l3len(msg) - 1, 0, 0);
+	rc = tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l3h + 1, msgb_l3len(msg) - 1, 0, 0);
+	if (rc < 0) {
+		LOGP(DBSSAP, LOGL_ERROR, "Failed parsing TLV -- discarding message! %s\n",
+			osmo_hexdump(msg->l3h, msgb_l3len(msg)));
+		return -EINVAL;
+	}
 
 	/* Only message types allowed without a 'conn' */
 	switch (msg->l3h[0]) {
-- 
cgit v1.2.3