| commit | a0735ecab558ea1759a8262eff62865bbed01051 | [log] [tgz] |
|---|---|---|
| author | Holger Hans Peter Freyther <holger@moiji-mobile.com> | Sun Feb 08 09:53:44 2015 +0100 |
| committer | Holger Hans Peter Freyther <holger@moiji-mobile.com> | Sun Feb 08 09:56:31 2015 +0100 |
| tree | cc3c1db68c861db846fc747201358dbb939a4ecf | |
| parent | 60e073e28d5e52f8eb4feaa422abc71b8b9f831b [diff] |
smpp: Fix potential crash in handling submitSM In case: * No message_payload and a 0 sm_length was used * esm_class indicates UDH being present * 7bit encoding was requested The code would execute: ud_len = *sms_msg + 1; Which is a NULL pointer dereference and would lead to a crash of the NITB. Enforce the limits of the sm_length parameter and reject the messae otherwise. Fixes: Coverity CID 1042373