From fd744ceeae98113841c2323e17eb30aea93bacdc Mon Sep 17 00:00:00 2001 From: Vadim Yanitskiy Date: Wed, 17 Jan 2018 03:31:15 +0600 Subject: gsm0480: move SS request length check to parse_ss() Change-Id: I8e7ce5bd97f3a8731924264c92afb9a7183937dc --- src/gsm/gsm0480.c | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) (limited to 'src') diff --git a/src/gsm/gsm0480.c b/src/gsm/gsm0480.c index 75388b9c..25f97a21 100644 --- a/src/gsm/gsm0480.c +++ b/src/gsm/gsm0480.c @@ -255,20 +255,8 @@ int gsm0480_decode_ussd_request(const struct gsm48_hdr *hdr, uint16_t len, int gsm0480_decode_ss_request(const struct gsm48_hdr *hdr, uint16_t len, struct ss_request *req) { - uint8_t msg_type = hdr->msg_type & 0x3F; int rc = 0; - /** - * GSM 04.80 Section 2.5 'Release complete' Table 2.5 - * payload is optional for 'RELEASE COMPLETE' message - */ - if (msg_type != GSM0480_MTYPE_RELEASE_COMPLETE) { - if (len < sizeof(*hdr) + 2) { - LOGP(0, LOGL_DEBUG, "SS Request is too short.\n"); - return 0; - } - } - if (gsm48_hdr_pdisc(hdr) == GSM48_PDISC_NC_SS) { req->transaction_id = hdr->proto_discr & 0x70; rc = parse_ss(hdr, len - sizeof(*hdr), req); @@ -285,6 +273,17 @@ static int parse_ss(const struct gsm48_hdr *hdr, uint16_t len, struct ss_request int rc = 1; uint8_t msg_type = hdr->msg_type & 0x3F; /* message-type - section 3.4 */ + /** + * GSM 04.80 Section 2.5 'Release complete' Table 2.5 + * payload is optional for 'RELEASE COMPLETE' message + */ + if (msg_type != GSM0480_MTYPE_RELEASE_COMPLETE) { + if (len < 2) { + LOGP(0, LOGL_DEBUG, "SS Request is too short.\n"); + return 0; + } + } + /* Table 2.1: Messages for call independent SS control */ switch (msg_type) { case GSM0480_MTYPE_RELEASE_COMPLETE: -- cgit v1.2.3
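Review bot: The relocated check `if (len < 2)` in parse_ss() only sees a length from which the caller has already subtracted the header size, and nothing ahead of the context line `rc = parse_ss(hdr, len - sizeof(*hdr), req);` in gsm0480_decode_ss_request() now guarantees `len >= sizeof(*hdr)`. For a message shorter than the header, that subtraction wraps, and the value converted to the `uint16_t len` parameter is large, so the new check passes and the switch below it would work from a length that exceeds the received buffer. The removed check `len < sizeof(*hdr) + 2` rejected this case for every message type except RELEASE COMPLETE, so this is a regression for truncated input. I would keep a guard in the caller before the subtraction and before `hdr` is read, for example `if (len < sizeof(*hdr)) { LOGP(0, LOGL_DEBUG, "SS Request is too short.\n"); return 0; }`. Both function bodies continue outside the hunks, so a later check that is not visible here should be ruled out first.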