consistently check the result of osmo_shift_v_fixed()
Coverity points out we forgot to check the return value of
osmo_shift_v_fixed() in some places. Add checks which verify
the expected length of data which is skipped by the parser.
Change-Id: I20406f411810e966443d6fd5a4620b9a66cd9809
Related: CID#135160
diff --git a/src/gprs/gprs_gb_parse.c b/src/gprs/gprs_gb_parse.c
index 18565ae..93b90a2 100644
--- a/src/gprs/gprs_gb_parse.c
+++ b/src/gprs/gprs_gb_parse.c
@@ -46,7 +46,8 @@
/* Skip Attach type */
/* Skip Ciphering key sequence number */
/* Skip DRX parameter */
- osmo_shift_v_fixed(&data, &data_len, 3, NULL);
+ if (osmo_shift_v_fixed(&data, &data_len, 3, NULL) < 3)
+ return 0;
/* Get Mobile identity */
if (osmo_shift_lv(&data, &data_len, &value, &value_len) <= 0 ||
@@ -82,7 +83,8 @@
/* Skip Periodic RA update timer */
/* Skip Radio priority for SMS */
/* Skip Spare half octet */
- osmo_shift_v_fixed(&data, &data_len, 3, NULL);
+ if (osmo_shift_v_fixed(&data, &data_len, 3, NULL) < 3)
+ return 0;
if (osmo_shift_v_fixed(&data, &data_len, 6, &value) <= 0)
return 0;
@@ -170,7 +172,8 @@
/* Skip Update type */
/* Skip GPRS ciphering key sequence number */
- osmo_shift_v_fixed(&data, &data_len, 1, NULL);
+ if (osmo_shift_v_fixed(&data, &data_len, 1, NULL) < 1)
+ return 0;
if (osmo_shift_v_fixed(&data, &data_len, 6, &value) <= 0)
return 0;
@@ -221,7 +224,8 @@
/* Skip Force to standby */
/* Skip Update result */
/* Skip Periodic RA update timer */
- osmo_shift_v_fixed(&data, &data_len, 2, NULL);
+ if (osmo_shift_v_fixed(&data, &data_len, 2, NULL) < 2)
+ return 0;
if (osmo_shift_v_fixed(&data, &data_len, 6, &value) <= 0)
return 0;
@@ -299,7 +303,8 @@
/* Skip Requested NSAPI */
/* Skip Requested LLC SAPI */
- osmo_shift_v_fixed(&data, &data_len, 2, NULL);
+ if (osmo_shift_v_fixed(&data, &data_len, 2, NULL) < 2)
+ return 0;
/* Skip Requested QoS (support 04.08 and 24.008) */
if (osmo_shift_lv(&data, &data_len, NULL, &value_len) <= 0 ||