From d65a6985bf16e9a4b80e4e6dede1f1207f46f944 Mon Sep 17 00:00:00 2001
From: Holger Hans Peter Freyther <zecke@selfish.org>
Date: Mon, 11 Oct 2010 09:23:50 +0200
Subject: ussd: Make sure that we at least have 8 bytes when decoding the
 string

The actual gsm_7bit_decode can still cause a buffer overrun
but at least we are safe until this point.
---
 src/gsm0480.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/gsm0480.c b/src/gsm0480.c
index 73be8acd..4b1471f1 100644
--- a/src/gsm0480.c
+++ b/src/gsm0480.c
@@ -386,6 +386,12 @@ static int parse_process_uss_req(const uint8_t *uss_req_data, uint16_t length,
 	int num_chars;
 	uint8_t dcs;
 
+
+	/* we need at least that much */
+	if (length < 8)
+		return 0;
+
+
 	if (uss_req_data[0] == GSM_0480_SEQUENCE_TAG) {
 		if (uss_req_data[2] == ASN1_OCTET_STRING_TAG) {
 			dcs = uss_req_data[4];
-- 
cgit v1.2.3