* [PATCH v2] smsutil: Validate the length of the address field
@ 2023-12-28 9:51 Denis Grigorev
2023-12-29 10:30 ` [PATCH v3] " Denis Grigorev
0 siblings, 1 reply; 3+ messages in thread
From: Denis Grigorev @ 2023-12-28 9:51 UTC (permalink / raw)
To: ofono; +Cc: denkenz, d.grigorev
This addresses CVE-2023-4233.
---
src/smsutil.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/smsutil.c b/src/smsutil.c
index c25dbdbf..77ab0ff1 100644
--- a/src/smsutil.c
+++ b/src/smsutil.c
@@ -627,6 +627,10 @@ gboolean sms_decode_address_field(const unsigned char *pdu, int len,
if (!next_octet(pdu, len, offset, &addr_len))
return FALSE;
+ /* According to 23.040 9.1.2.5 Address-Length must not exceed 20 */
+ if (addr_len > 20)
+ return FALSE;
+
if (sc && addr_len == 0) {
out->address[0] = '\0';
return TRUE;
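Review bot: The new `addr_len > 20` check sits ahead of the `if (sc && addr_len == 0)` branch, so a single limit is applied whether or not `sc` is set. If the length octet is counted in different units for the service-centre address than for the other address fields, 20 is not equally tight in both cases. Consider checking the `sc` case against its own maximum, and say in the comment which case 23.040 9.1.2.5 covers.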
--
2.34.1
* [PATCH v3] smsutil: Validate the length of the address field
2023-12-28 9:51 [PATCH v2] smsutil: Validate the length of the address field Denis Grigorev
@ 2023-12-29 10:30 ` Denis Grigorev
2024-01-02 17:19 ` Denis Kenzior
0 siblings, 1 reply; 3+ messages in thread
From: Denis Grigorev @ 2023-12-29 10:30 UTC (permalink / raw)
To: ofono; +Cc: denkenz, d.grigorev
This addresses CVE-2023-4233.
---
v1 -> v2: Validate Address-Length instead of comparing with mem size.
v2 -> v3: Remove extra space
src/smsutil.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/smsutil.c b/src/smsutil.c
index c25dbdbf..27c5065a 100644
--- a/src/smsutil.c
+++ b/src/smsutil.c
@@ -627,6 +627,10 @@ gboolean sms_decode_address_field(const unsigned char *pdu, int len,
if (!next_octet(pdu, len, offset, &addr_len))
return FALSE;
+ /* According to 23.040 9.1.2.5 Address-Length must not exceed 20 */
+ if (addr_len > 20)
+ return FALSE;
+
if (sc && addr_len == 0) {
out->address[0] = '\0';
return TRUE;
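Review bot: The limit in `if (addr_len > 20)` is a bare literal, and the comment does not say what unit Address-Length is counted in, which matters to anyone later comparing it with the size of `out->address`. A named constant plus a comment that gives the unit and the full spec name (3GPP TS 23.040) would make the bound auditable. The commit message only cites the CVE number; one sentence on what an oversized length led to in this function would help people backporting the fix.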
--
2.34.1
* Re: [PATCH v3] smsutil: Validate the length of the address field
2023-12-29 10:30 ` [PATCH v3] " Denis Grigorev
@ 2024-01-02 17:19 ` Denis Kenzior
0 siblings, 0 replies; 3+ messages in thread
From: Denis Kenzior @ 2024-01-02 17:19 UTC (permalink / raw)
To: Denis Grigorev, ofono
Hi Denis,
On 12/29/23 04:30, Denis Grigorev wrote:
> This addresses CVE-2023-4233.
> ---
> v1 -> v2: Validate Address-Length instead of comparing with mem size.
> v2 -> v3: Remove extra space
>
> src/smsutil.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
Applied, thanks.
Regards,
-Denis