From 3f58f4f5260be9e9e46bc50382768563a5ce2bcd Mon Sep 17 00:00:00 2001
From: Denis Kenzior
Date: Thu, 29 Feb 2024 11:42:28 -0600
Subject: [PATCH 2/4] smsutil: Check cbs_dcs_decode return value
It is better to explicitly check the return value of cbs_dcs_decode instead of relying on udhi not being changed due to side-effects.
CVE: CVE-2023-2794
Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=7f2adfa22fbae824f8e2c3ae86a3f51da31ee400]
Signed-off-by: Archana Polampalli
---
 src/smsutil.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/smsutil.c b/src/smsutil.c
index d3844f3..cfa157a 100644
--- a/src/smsutil.c
+++ b/src/smsutil.c
@@ -1765,7 +1765,8 @@ gboolean sms_udh_iter_init_from_cbs(const struct cbs *cbs,
 const guint8 *hdr;
 guint8 max_ud_len;
- cbs_dcs_decode(cbs->dcs, &udhi, NULL, NULL, NULL, NULL, NULL);
+ if (!cbs_dcs_decode(cbs->dcs, &udhi, NULL, NULL, NULL, NULL, NULL))
+ return FALSE;
 if (!udhi)
 return FALSE;
--
2.40.0
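Review bot: The added `if (!cbs_dcs_decode(...)) return FALSE;` in sms_udh_iter_init_from_cbs has no comment saying that `udhi` is only meaningful when the decode succeeds, which per the commit message is the whole reason for the check. I would put `/* udhi is valid only if the DCS decoded; reject the page otherwise */` above it, so the guard is not later folded away as redundant with the `if (!udhi)` test that follows. The declaration of `udhi` and the code that uses `hdr` and `max_ud_len` lie outside the hunk, so whether `udhi` is initialised and whether the header length is bounded against the page data cannot be confirmed from here and is worth checking alongside this backport. A unit test that feeds a CBS page with an undecodable DCS and expects FALSE would pin the new behaviour.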