From be0df9a74cecdf16c26f86bf88b29d823aa2a369 Mon Sep 17 00:00:00 2001
From: Denis Kenzior <denkenz@gmail.com>
Date: Thu, 29 Feb 2024 12:06:54 -0600
Subject: [PATCH 3/4] simutil: Make sure set_length on the parent succeeds

CVE: CVE-2023-2794

Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=07f48b23e3877ef7d15a7b0b8b79d32ad0a3607e]

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
 src/simutil.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/simutil.c b/src/simutil.c
index 0354caf..218612b 100644
--- a/src/simutil.c
+++ b/src/simutil.c
@@ -588,8 +588,9 @@ gboolean ber_tlv_builder_set_length(struct ber_tlv_builder *builder,
	if (new_pos > builder->max)
		return FALSE;

-	if (builder->parent)
-		ber_tlv_builder_set_length(builder->parent, new_pos);
+	if (builder->parent &&
+			!ber_tlv_builder_set_length(builder->parent, new_pos))
+		return FALSE;

	builder->len = new_len;

@@ -730,9 +731,9 @@ gboolean comprehension_tlv_builder_set_length(
	if (builder->pos + new_ctlv_len > builder->max)
		return FALSE;

-	if (builder->parent)
-		ber_tlv_builder_set_length(builder->parent,
-						builder->pos + new_ctlv_len);
+	if (builder->parent && !ber_tlv_builder_set_length(builder->parent,
+						builder->pos + new_ctlv_len))
+		return FALSE;

	len = MIN(builder->len, new_len);
	if (len > 0 && new_len_size != len_size)
--
2.40.0