neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/libosmo-sccp/+/37995?usp=email )


Change subject: coverity CID#216830
......................................................................

coverity CID#216830

sanity-check par->len received on the wire.

Change-Id: I3e6283154268f97a66b2b3f2ec8e3e9631424434
---
M src/sua.c
1 file changed, 5 insertions(+), 1 deletion(-)



  git pull ssh://gerrit.osmocom.org:29418/libosmo-sccp refs/changes/95/37995/1

diff --git a/src/sua.c b/src/sua.c
index 9e281e0..d4c8b29 100644
--- a/src/sua.c
+++ b/src/sua.c
@@ -436,7 +436,11 @@
                par = (struct xua_parameter_hdr *) &param->dat[pos];
                par_tag = ntohs(par->tag);
                par_len = ntohs(par->len);
-               par_datalen = par_len - sizeof(*par);
+               /* sanity: check par->len received on the wire, make sure the 
subtraction does not wrap past zero */
+               if (par_len >= sizeof(*par))
+                       par_datalen = par_len - sizeof(*par);
+               else
+                       par_datalen = 0;

                LOGP(DLSUA, LOGL_DEBUG, "SUA IEI 0x%04x pos %hu/%hu: subpart 
tag 0x%04x, len %hu\n",
                     param->tag, pos, param->len, par_tag, par_len);
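
Review bot: In the else branch, setting par_datalen = 0 when par_len < sizeof(*par) lets a malformed sub-parameter carry on through the parser looking like a valid empty one. A length field smaller than the parameter header itself cannot be legitimate, so it would be safer to log it and stop parsing this IE (return an error or break out of the loop) rather than clamp the value. The new check also covers only the lower bound: nothing in the visible lines compares par_len against the bytes remaining in param->dat (param->len - pos), so if that upper-bound check is not already done elsewhere in the loop, it belongs next to this one. The subject line would also be easier to find in the log if it named the fix (for example the par->len sanity check) instead of only the Coverity ID.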

--
To view, visit https://gerrit.osmocom.org/c/libosmo-sccp/+/37995?usp=email

Gerrit-MessageType: newchange
Gerrit-Project: libosmo-sccp
Gerrit-Branch: master
Gerrit-Change-Id: I3e6283154268f97a66b2b3f2ec8e3e9631424434
Gerrit-Change-Number: 37995
Gerrit-PatchSet: 1
Gerrit-Owner: neels <[email protected]>
