smsutil: check status report fits in buffer

Fixes CVE-2023-4232 (cherry picked from commit 2ff2da7ac374a790f8b2a0216bcb4e3126498225) Origin: upstream, https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=2ff2da7ac374a790f8b2a0216bcb4e3126498225
2024-12-04 10:18:52 +02:00
parent 90106c2c53
commit 3aa6abb8a2
1 changed files with 3 additions and 0 deletions
--- a/src/smsutil.c
+++ b/src/smsutil.c
@@ -1092,6 +1092,9 @@ static gboolean decode_status_report(const unsigned char *pdu, int len,
 		if ((len - offset) < expected)
 			return FALSE;

+		if (expected > (int)sizeof(out->status_report.ud))
+			return FALSE;
+
 		memcpy(out->status_report.ud, pdu + offset, expected);
 	}