cbsp: Fix decoding of WRITE-REPLACE payload The user length is the first IE *in* the fixed-length TV, make sure cbsp_dec_write_repl() respects that. Change-Id: I864cafac2466a89a4bd9644bc73363fff2babd03

commit: e674c44c3073705ae46b668cd86100bd9c90db98 [log] [tgz]
author: Harald Welte <laforge@gnumonks.org> Sun Sep 01 22:30:58 2019 +0200
committer: Harald Welte <laforge@gnumonks.org> Sun Sep 01 22:32:24 2019 +0200
tree: c4d957fb9b27de4e266c02c4cc004b2c7dca39d3
parent: 3097bcec581c9c4a39cd69ffd3a5b878c86bac81 [diff]
diff --git a/src/gsm/cbsp.c b/src/gsm/cbsp.c
index 591ff25..ccc2df5 100644
--- a/src/gsm/cbsp.c
+++ b/src/gsm/cbsp.c

@@ -687,8 +687,8 @@
 			}
 			page = talloc_zero(ctx, struct osmo_cbsp_content);
 			OSMO_ASSERT(page);
-			page->user_len = *(ie-1); /* length byte before payload */
-			memcpy(page->data, ie, sizeof(page->data));
+			page->user_len = ie[0]; /* length byte before payload */
+			memcpy(page->data, ie+1, sizeof(page->data));
 			llist_add_tail(&page->list, &out->u.cbs.msg_content);
 		}
 	} else {
commit	e674c44c3073705ae46b668cd86100bd9c90db98	[log] [tgz]
author	Harald Welte <laforge@gnumonks.org>	Sun Sep 01 22:30:58 2019 +0200
committer	Harald Welte <laforge@gnumonks.org>	Sun Sep 01 22:32:24 2019 +0200
tree	c4d957fb9b27de4e266c02c4cc004b2c7dca39d3
parent	3097bcec581c9c4a39cd69ffd3a5b878c86bac81 [diff]