PSEA - IEI DNN - protect code from a bad DNN length received from the network

parent 8e4ebb07
...@@ -169,10 +169,14 @@ void capture_pdu_session_establishment_accept_msg(uint8_t *buffer, uint32_t msg_ ...@@ -169,10 +169,14 @@ void capture_pdu_session_establishment_accept_msg(uint8_t *buffer, uint32_t msg_
psea_msg.dnn_ie.dnn_length = *(buffer + offset++); psea_msg.dnn_ie.dnn_length = *(buffer + offset++);
char apn[APN_MAX_LEN]; char apn[APN_MAX_LEN];
if(psea_msg.dnn_ie.dnn_length <= APN_MAX_LEN &&
psea_msg.dnn_ie.dnn_length >= APN_MIN_LEN) {
for (int i = 0 ; i < psea_msg.dnn_ie.dnn_length ; ++i) for (int i = 0 ; i < psea_msg.dnn_ie.dnn_length ; ++i)
apn[i] = *(buffer + offset + i); apn[i] = *(buffer + offset + i);
LOG_T(NAS, "PDU SESSION ESTABLISHMENT ACCEPT - APN: %s\n", apn); LOG_T(NAS, "PDU SESSION ESTABLISHMENT ACCEPT - APN: %s\n", apn);
} else
LOG_E(NAS, "PDU SESSION ESTABLISHMENT ACCEPT - DNN IE has invalid length\n");
offset += psea_msg.dnn_ie.dnn_length; offset += psea_msg.dnn_ie.dnn_length;
psea_iei = *(buffer + offset++); psea_iei = *(buffer + offset++);
break; break;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment