From 7c04a6066e883fbb14255e9adfc0056a77bf381a Mon Sep 17 00:00:00 2001 From: Vadim Yanitskiy Date: Wed, 3 Oct 2018 06:14:12 +0700 Subject: layer23/l1ctl.c: fix: verify msg length against l1ctl_hdr In l1ctl_recv() we actually expect to 'see' the L1CTL header instead of the DL info header. Let's fix this. Change-Id: Ic7d017bef04f3c186565d5dade36959df1019bd8 --- src/host/layer23/src/common/l1ctl.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/host/layer23/src/common/l1ctl.c b/src/host/layer23/src/common/l1ctl.c index 39b7f3c3..9a3bc0e8 100644 --- a/src/host/layer23/src/common/l1ctl.c +++ b/src/host/layer23/src/common/l1ctl.c @@ -873,9 +873,8 @@ int l1ctl_recv(struct osmocom_ms *ms, struct msgb *msg) { int rc = 0; struct l1ctl_hdr *l1h; - struct l1ctl_info_dl *dl; - if (msgb_l2len(msg) < sizeof(*dl)) { + if (msgb_l2len(msg) < sizeof(*l1h)) { LOGP(DL1C, LOGL_ERROR, "Short Layer2 message: %u\n", msgb_l2len(msg)); msgb_free(msg); -- cgit v1.2.3