ofono.lists.linux.dev archive mirror
 help / color / mirror / Atom feed
* [PATCH v2] smsutil: Validate the length of the address field
@ 2023-12-28  9:51 Denis Grigorev
  2023-12-29 10:30 ` [PATCH v3] " Denis Grigorev
  0 siblings, 1 reply; 3+ messages in thread
From: Denis Grigorev @ 2023-12-28  9:51 UTC (permalink / raw)
  To: ofono; +Cc: denkenz, d.grigorev

This addresses CVE-2023-4233.
---
 src/smsutil.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/smsutil.c b/src/smsutil.c
index c25dbdbf..77ab0ff1 100644
--- a/src/smsutil.c
+++ b/src/smsutil.c
@@ -627,6 +627,10 @@ gboolean sms_decode_address_field(const unsigned char *pdu, int len,
 	if (!next_octet(pdu, len, offset, &addr_len))
 		return FALSE;
 
+	/* According to 23.040 9.1.2.5 Address-Length must not exceed 20 */
+	 if (addr_len > 20)
+		return FALSE;
+
 	if (sc && addr_len == 0) {
 		out->address[0] = '\0';
 		return TRUE;
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* [PATCH v3] smsutil: Validate the length of the address field
  2023-12-28  9:51 [PATCH v2] smsutil: Validate the length of the address field Denis Grigorev
@ 2023-12-29 10:30 ` Denis Grigorev
  2024-01-02 17:19   ` Denis Kenzior
  0 siblings, 1 reply; 3+ messages in thread
From: Denis Grigorev @ 2023-12-29 10:30 UTC (permalink / raw)
  To: ofono; +Cc: denkenz, d.grigorev

This addresses CVE-2023-4233.
---
 v1 -> v2: Validate Address-Length instead of comparing with mem size.
 v2 -> v3: Remove extra space

 src/smsutil.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/smsutil.c b/src/smsutil.c
index c25dbdbf..27c5065a 100644
--- a/src/smsutil.c
+++ b/src/smsutil.c
@@ -627,6 +627,10 @@ gboolean sms_decode_address_field(const unsigned char *pdu, int len,
 	if (!next_octet(pdu, len, offset, &addr_len))
 		return FALSE;
 
+	/* According to 23.040 9.1.2.5 Address-Length must not exceed 20 */
+	if (addr_len > 20)
+		return FALSE;
+
 	if (sc && addr_len == 0) {
 		out->address[0] = '\0';
 		return TRUE;
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH v3] smsutil: Validate the length of the address field
  2023-12-29 10:30 ` [PATCH v3] " Denis Grigorev
@ 2024-01-02 17:19   ` Denis Kenzior
  0 siblings, 0 replies; 3+ messages in thread
From: Denis Kenzior @ 2024-01-02 17:19 UTC (permalink / raw)
  To: Denis Grigorev, ofono

Hi Denis,

On 12/29/23 04:30, Denis Grigorev wrote:
> This addresses CVE-2023-4233.
> ---
>   v1 -> v2: Validate Address-Length instead of comparing with mem size.
>   v2 -> v3: Remove extra space
> 
>   src/smsutil.c | 4 ++++
>   1 file changed, 4 insertions(+)
> 

Applied, thanks.

Regards,
-Denis


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-01-02 17:19 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-12-28  9:51 [PATCH v2] smsutil: Validate the length of the address field Denis Grigorev
2023-12-29 10:30 ` [PATCH v3] " Denis Grigorev
2024-01-02 17:19   ` Denis Kenzior

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).