From 7240062b75540747461baf42bca5c73d879985af Mon Sep 17 00:00:00 2001
From: Harald Welte <laforge@gnumonks.org>
Date: Sun, 19 May 2019 16:13:51 +0200
Subject: RSL: Fix off-by-one error when parsing SACCH INFO IE in RSL CHAN ACT

This off-by-one error in length verification caused all SACCH INFO IE
to be deemed invalid and hence any RSL CHAN ACT with that IE to be
rejected.

Change-Id: I6436caf5c2caefbf7c089d66e37d8d1babe1c24e
Related: OS#3750
---
 src/common/rsl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/common/rsl.c')

diff --git a/src/common/rsl.c b/src/common/rsl.c
index b02f4e69..76aaef33 100644
--- a/src/common/rsl.c
+++ b/src/common/rsl.c
@@ -1133,7 +1133,7 @@ static int rsl_rx_chan_activ(struct msgb *msg)
 			lapdm_ui_prefix_lchan(lchan, cur, osmo_si, si_len);
 
 			cur += si_len;
-			if (cur >= val + tot_len) {
+			if (cur > val + tot_len) {
 				LOGP(DRSL, LOGL_ERROR, "Error parsing SACCH INFO IE\n");
 				rsl_tx_error_report(msg->trx, RSL_ERR_IE_CONTENT, &dch->chan_nr,
 						    NULL, msg);
-- 
cgit v1.2.3