commit | 444771dae23f05294207983f723d3c8f17199f76 | [log] [tgz] |
---|---|---|
author | Vadim Yanitskiy <axilirator@gmail.com> | Sat May 11 04:46:24 2019 +0700 |
committer | Harald Welte <laforge@gnumonks.org> | Mon May 13 20:15:04 2019 +0000 |
tree | 565302a40366c38c441ac77c8a6cb9eb8da8d47e | |
parent | 18e8b39fcde77832382372ecbd98de955a132f7d [diff] |
libmsc/ran_msg_a.c: prevent chosen_encryption->key buffer overrun In ran_a_make_handover_request() we do prevent destination buffer (r.encryption_information.key) overflow, but not source buffer (n->geran.chosen_encryption->key) overrun if an incorrect key length is received. Let's fix this. Change-Id: I278bb72660634c2d535e1bd3d7fce5696da23575 Fixes: CID#198450 Out-of-bounds access