Protect NAS unbounded message read

Xavier Arteaga 2021-03-01 11:36:49 +01:00 committed by Andre Puschmann
parent 5285550880
commit 81cc8de2b7
1 changed files with 5 additions and 4 deletions


@ -5911,6 +5911,7 @@ LIBLTE_ERROR_ENUM liblte_mme_unpack_emm_information_msg(LIBLTE_BYTE_MSG_STRUCT*
{
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8* msg_end = msg->msg + msg->N_bytes;
uint8 sec_hdr_type;
if (msg != NULL && emm_info != NULL) {
@ -5935,7 +5936,7 @@ LIBLTE_ERROR_ENUM liblte_mme_unpack_emm_information_msg(LIBLTE_BYTE_MSG_STRUCT*
}
// Short Name For Network
if (LIBLTE_MME_SHORT_NAME_FOR_NETWORK_IEI == *msg_ptr) {
if (msg_ptr < msg_end && LIBLTE_MME_SHORT_NAME_FOR_NETWORK_IEI == *msg_ptr) {
msg_ptr++;
liblte_mme_unpack_network_name_ie(&msg_ptr, &emm_info->short_net_name);
emm_info->short_net_name_present = true;
@ -5944,7 +5945,7 @@ LIBLTE_ERROR_ENUM liblte_mme_unpack_emm_information_msg(LIBLTE_BYTE_MSG_STRUCT*
}
// Local Time Zone
if (LIBLTE_MME_LOCAL_TIME_ZONE_IEI == *msg_ptr) {
if (msg_ptr < msg_end && LIBLTE_MME_LOCAL_TIME_ZONE_IEI == *msg_ptr) {
msg_ptr++;
liblte_mme_unpack_time_zone_ie(&msg_ptr, &emm_info->local_time_zone);
emm_info->local_time_zone_present = true;
@ -5953,7 +5954,7 @@ LIBLTE_ERROR_ENUM liblte_mme_unpack_emm_information_msg(LIBLTE_BYTE_MSG_STRUCT*
}
// Universal Time And Local Time Zone
if (LIBLTE_MME_UNIVERSAL_TIME_AND_LOCAL_TIME_ZONE_IEI == *msg_ptr) {
if (msg_ptr < msg_end && LIBLTE_MME_UNIVERSAL_TIME_AND_LOCAL_TIME_ZONE_IEI == *msg_ptr) {
msg_ptr++;
liblte_mme_unpack_time_zone_and_time_ie(&msg_ptr, &emm_info->utc_and_local_time_zone);
emm_info->utc_and_local_time_zone_present = true;
@ -5962,7 +5963,7 @@ LIBLTE_ERROR_ENUM liblte_mme_unpack_emm_information_msg(LIBLTE_BYTE_MSG_STRUCT*
}
// Network Daylight Saving Time
if (LIBLTE_MME_NETWORK_DAYLIGHT_SAVING_TIME_IEI == *msg_ptr) {
if (msg_ptr < msg_end && LIBLTE_MME_NETWORK_DAYLIGHT_SAVING_TIME_IEI == *msg_ptr) {
msg_ptr++;
liblte_mme_unpack_daylight_saving_time_ie(&msg_ptr, &emm_info->net_dst);
emm_info->net_dst_present = true;
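Review bot: The new `msg_ptr < msg_end` guards bound only the one-byte IEI read. The helpers called inside each branch (`liblte_mme_unpack_network_name_ie(&msg_ptr, ...)` and the time-zone, UTC and DST ones) receive only `&msg_ptr`, so as far as these hunks show they cannot tell where the message ends, and a truncated IE at the tail of a received NAS message could still be read past `msg->N_bytes`. Their bodies are outside this diff, so that needs confirming; if they do not bound themselves, check the remaining length after `msg_ptr++`, e.g. `if (msg_ptr >= msg_end) { return LIBLTE_ERROR_INVALID_INPUTS; }`, or pass `msg_end` into the helpers so length-prefixed IEs can validate their own length byte. The check for the first optional IE sits between the first and second hunk and is not shown; it deserves the same guard. Separately, the added `msg_end` initialiser reads `msg->N_bytes` before the `msg != NULL` test a few lines below, so it would be safer assigned inside that `if`.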