author | Marcel Holtmann <marcel@holtmann.org> | 2010-06-22 17:15:06 +0200 |
---|---|---|
committer | Marcel Holtmann <marcel@holtmann.org> | 2010-06-22 17:21:03 +0200 |
commit | 1fedd096a0ba2ce8625a9e4d1c2ce25bb8f6dfe4 (patch) | |
tree | fe5ee3db619c29b101a14aa2cc37eeda190db277 /src/sim.c | |
parent | 6f08920c1aa0918fcd6460f4cc5233d0a96c382c (diff) | |
download | ofono-1fedd096a0ba2ce8625a9e4d1c2ce25bb8f6dfe4.tar.bz2 |
Check sanity the MNC length value from the SIM card
In case the SIM entry is wrong or we force reading of it, nasty things
like this can happen:
ofonod[12456]: Control:> AT+CRSM=176,28589,0,0,4\r
ofonod[12456]: Control:< +CRSM: 144,0,"00FFFF"\r\n\r\nOK\r\n
*** buffer overflow detected ***: ./src/ofonod terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x3e42efb417]
/lib64/libc.so.6[0x3e42ef9310]
/lib64/libc.so.6(__strncpy_chk+0x17b)[0x3e42ef85cb]
Diffstat (limited to 'src/sim.c')
-rw-r--r-- | src/sim.c | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -871,6 +871,10 @@ static void sim_ad_read_cb(int ok, int length, int record,
 new_mnc_length = data[3] & 0xf;
+ /* sanity check for potential invalid values */
+ if (new_mnc_length < 2 || new_mnc_length > 3)
+ return;
+
 if (sim->mnc_length == new_mnc_length)
 return; |
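Review bot: The read of `data[3]` on the context line just above the new check is not shown to be bounded by `length`, and the response logged in the commit message (`"00FFFF"`) is only three bytes long, so the value being range-checked may itself have been read past the end of the SIM response. sim_ad_read_cb starts outside this hunk, so such a guard may already exist; if it does not, `if (length < 4) return;` ahead of the assignment would cover it. The new check also returns silently on a malformed entry, and the comment could record why only two values pass, e.g. `/* EF_AD byte 4 is the MNC length in the IMSI; only 2 or 3 digits are valid */`.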