From e7dc282b51acb0100769bbe9df38f40361d60536 Mon Sep 17 00:00:00 2001
From: Ivan Kluchnikov
Date: Tue, 29 Dec 2015 19:00:28 +0300
Subject: sup: Fix RP header offset and RP data length calculations
---
 openbsc/src/libmsc/gsm_sup.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/openbsc/src/libmsc/gsm_sup.c b/openbsc/src/libmsc/gsm_sup.c
index 2e0fe7201..304e225a2 100644
--- a/openbsc/src/libmsc/gsm_sup.c
+++ b/openbsc/src/libmsc/gsm_sup.c
@@ -209,10 +209,10 @@ static int rx_sms_message(const uint8_t* data, size_t data_len)
 char extension[15];
 uint8_t *value;
 size_t value_len;
- int offset = 0;
+ int offset = 1;
 uint8_t *rp_hdr = (uint8_t*)data + offset;
+ data_len -= 1;
- offset++;
 rc = gprs_match_tlv(&rp_hdr, &data_len, 0x82, &value, &value_len);
 if (rc <= 0)
@@ -232,8 +232,8 @@ static int rx_sms_message(const uint8_t* data, size_t data_len)
 struct msgb *msg = gsm411_msgb_alloc();
 uint8_t *rp_msg;
- rp_msg = (uint8_t *)msgb_put(msg, data_len - offset);
- memcpy(rp_msg, data + offset, data_len - offset);
+ rp_msg = (uint8_t *)msgb_put(msg, data_len);
+ memcpy(rp_msg, data + offset, data_len);
 struct gsm_subscriber *subscr;
 subscr = subscr_get_by_extension(NULL, extension);
--
cgit v1.2.3
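Review bot: In the first hunk (@@ -209), `data_len -= 1;` decrements a `size_t` with no visible check that the buffer holds at least one byte, so an empty message would wrap the length to SIZE_MAX and pass `gprs_match_tlv` a pointer one past the buffer together with a huge length. Because this parses a message received from a peer, I would put a guard ahead of the decrement, e.g. `if (data_len < 1) return -EINVAL;` (or whichever error value this function already returns). The start of rx_sms_message and its callers are outside the hunk, so an earlier length check may exist; if it does, a short comment naming it would make the precondition explicit.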
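Review bot: In the second hunk (@@ -232), `msgb_put(msg, data_len)` and the following `memcpy` are sized by a peer-controlled length with no visible bound against the buffer's capacity and no NULL check on the result of `gsm411_msgb_alloc()`; `msgb_put` aborts when the msgb lacks tailroom, so an oversized message could stop the process. I would add `if (!msg) return -ENOMEM;` and `if (data_len > msgb_tailroom(msg)) { msgb_free(msg); return -EINVAL; }` before the put, with error values adjusted to the function's convention. Separately, `data_len` was passed by pointer to `gprs_match_tlv` in the first hunk; if that helper consumes the matched TLV (its body is not shown here), the length now describes the bytes after the TLV while the copy source is still `data + offset`, so please confirm whether `rp_hdr` was the intended source. The function body continues outside both hunks.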