Some simple size check. We would not overflow, but we would send garbage.
Check the size
diff --git a/src/telnet_interface.c b/src/telnet_interface.c
index ddbbc58..a25c9bb 100644
--- a/src/telnet_interface.c
+++ b/src/telnet_interface.c
@@ -204,12 +204,19 @@
static const char* error[] = {
"48: IMSI not found\n",
"48: No channel allocated for IMSI\n" };
+ int ret;
struct gsm_bts *bts = &connection->network->bts[connection->bts];
struct gsm_lchan *lchan = find_channel(bts, connection->imsi, error, connection->fd.fd);
if (!lchan)
return;
+ if (connection->read < 2) {
+ static const char *msg = "48: Need at least two bytes";
+ ret = write(connection->fd.fd, msg, strlen(msg));
+ return;
+ }
+
struct msgb *msg = gsm48_msgb_alloc();
struct gsm48_hdr *gh;
int i;
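Review bot: The rejection message added under the `connection->read < 2` check has no trailing newline, unlike the two `error[]` strings just above it, so on the telnet client it will run into whatever is printed next; `static const char *msg = "48: Need at least two bytes\n";` would match them. That string is also named `msg` while the function declares `struct msgb *msg` a few lines later, which is legal because of the nested scope but easy to misread, so a name such as `errmsg` would be clearer. `ret` is assigned from `write()` and never read, so a failed or short write goes unnoticed; if it exists only to silence an unused-result warning, a one-line comment saying so would help. The check covers only the lower bound, and the code that consumes `connection->read` lies outside this hunk, so it is worth confirming that an upper bound against the message buffer is enforced there as well.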