Return in gNB if pdu_len is less than cast length

This is what we did in the NRUE for NSA mode

openair2/LAYER2/NR_MAC_gNB/gNB_scheduler_ulsch.c

@@ -220,9 +220,6 @@ int nr_process_mac_pdu(module_id_t module_idP,
 
         LOG_D(NR_MAC, "In %s: received UL-SCH sub-PDU with LCID 0x%x in %d.%d (remaining PDU length %d)\n", __func__, rx_lcid, frameP, slot, pdu_len);
 
-        if (pdu_len < 7) {
-          break;
-        }
         unsigned char *ce_ptr;
         int n_Lcg = 0;
 
@@ -264,9 +261,13 @@ int nr_process_mac_pdu(module_id_t module_idP,
         case UL_SCH_LCID_L_TRUNCATED_BSR:
         	//38.321 section 6.1.3.1
         	//variable length
+                if (pdu_len < sizeof(NR_MAC_SUBHEADER_SHORT))
+                        return 0;
         	mac_ce_len |= (uint16_t)((NR_MAC_SUBHEADER_SHORT *)pduP)->L;
         	mac_subheader_len = 2;
         	if(((NR_MAC_SUBHEADER_SHORT *)pduP)->F){
+                        if (pdu_len < sizeof(NR_MAC_SUBHEADER_LONG))
+                                return 0;
         		mac_ce_len |= (uint16_t)(((NR_MAC_SUBHEADER_LONG *)pduP)->L2)<<8;
         		mac_subheader_len = 3;
         	}
@@ -343,9 +344,13 @@ int nr_process_mac_pdu(module_id_t module_idP,
         case UL_SCH_LCID_MULTI_ENTRY_PHR_1_OCT:
         	//38.321 section 6.1.3.9
         	//  varialbe length
+                if (pdu_len < sizeof(NR_MAC_SUBHEADER_SHORT))
+                        return 0;
         	mac_ce_len |= (uint16_t)((NR_MAC_SUBHEADER_SHORT *)pduP)->L;
         	mac_subheader_len = 2;
         	if(((NR_MAC_SUBHEADER_SHORT *)pduP)->F){
+                        if (pdu_len < sizeof(NR_MAC_SUBHEADER_LONG))
+                                return 0;
         		mac_ce_len |= (uint16_t)(((NR_MAC_SUBHEADER_LONG *)pduP)->L2)<<8;
         		mac_subheader_len = 3;
         	}
@@ -355,9 +360,13 @@ int nr_process_mac_pdu(module_id_t module_idP,
         case UL_SCH_LCID_MULTI_ENTRY_PHR_4_OCT:
         	//38.321 section 6.1.3.9
         	//  varialbe length
+                if (pdu_len < sizeof(NR_MAC_SUBHEADER_SHORT))
+                        return 0;
         	mac_ce_len |= (uint16_t)((NR_MAC_SUBHEADER_SHORT *)pduP)->L;
         	mac_subheader_len = 2;
         	if(((NR_MAC_SUBHEADER_SHORT *)pduP)->F){
+                        if (pdu_len < sizeof(NR_MAC_SUBHEADER_LONG))
+                                return 0;
         		mac_ce_len |= (uint16_t)(((NR_MAC_SUBHEADER_LONG *)pduP)->L2)<<8;
         		mac_subheader_len = 3;
         	}
@@ -371,8 +380,12 @@ int nr_process_mac_pdu(module_id_t module_idP,
 
         case UL_SCH_LCID_SRB1:
         case UL_SCH_LCID_SRB2:
+          if (pdu_len < sizeof(NR_MAC_SUBHEADER_SHORT))
+                return 0;
           if(((NR_MAC_SUBHEADER_SHORT *)pduP)->F){
             //mac_sdu_len |= (uint16_t)(((NR_MAC_SUBHEADER_LONG *)pduP)->L2)<<8;
+            if (pdu_len < sizeof(NR_MAC_SUBHEADER_SHORT))
+                  return 0;
             mac_subheader_len = 3;
             mac_sdu_len = ((uint16_t)(((NR_MAC_SUBHEADER_LONG *) pduP)->L1 & 0x7f) << 8)
                 | ((uint16_t)((NR_MAC_SUBHEADER_LONG *) pduP)->L2 & 0xff);
@@ -456,8 +469,12 @@ int nr_process_mac_pdu(module_id_t module_idP,
 
         case UL_SCH_LCID_DTCH:
           //  check if LCID is valid at current time.
+          if (pdu_len < sizeof(NR_MAC_SUBHEADER_SHORT))
+                return 0;
           if (((NR_MAC_SUBHEADER_SHORT *)pduP)->F) {
             // mac_sdu_len |= (uint16_t)(((NR_MAC_SUBHEADER_LONG *)pduP)->L2)<<8;
+            if (pdu_len < sizeof(NR_MAC_SUBHEADER_LONG))
+                  return 0;
             mac_subheader_len = 3;
             mac_sdu_len = ((uint16_t)(((NR_MAC_SUBHEADER_LONG *)pduP)->L1 & 0x7f) << 8)
                           | ((uint16_t)((NR_MAC_SUBHEADER_LONG *)pduP)->L2 & 0xff);