sms-part: check UDH length vs available size before trying to read it

https://bugzilla.gnome.org/show_bug.cgi?id=698246
author: Aleksander Morgado <aleksander@lanedo.com> 2013-04-18 14:43:06 +0200
committer: Aleksander Morgado <aleksander@lanedo.com> 2013-04-18 14:43:37 +0200
commit: 95274bfa2327a5fec59db33ca94463f4f9baff9c (patch)
tree: e0d07018782da39c6d66501587500b093c5d9adb
parent: 9fa5b9001a4a61128aa894941062d8e6d025e101 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/src/mm-sms-part.c b/src/mm-sms-part.c
index e68a25b6..a5e8b33c 100644
--- a/src/mm-sms-part.c
+++ b/src/mm-sms-part.c
@@ -779,6 +779,8 @@ mm_sms_part_new_from_binary_pdu (guint index,
             udhl = pdu[tp_user_data_offset] + 1;
             end = tp_user_data_offset + udhl;
 
+            PDU_SIZE_CHECK (tp_user_data_offset + udhl, "cannot read UDH");
+
             for (offset = tp_user_data_offset + 1; (offset + 1) < end;) {
                 guint8 ie_id, ie_len;
 
@@ -853,7 +855,9 @@ mm_sms_part_new_from_binary_pdu (guint index,
             {
                 GByteArray *raw;
 
-                mm_dbg ("Skipping SMS text: Unknown encoding");
+                mm_dbg ("Skipping SMS text: Unknown encoding (0x%02X)", user_data_encoding);
+
+                PDU_SIZE_CHECK (tp_user_data_offset + tp_user_data_size_bytes, "cannot read user data");
 
                 /* 8-bit encoding is usually binary data, and we have no idea what
                  * actual encoding the data is in so we can't convert it.
author	Aleksander Morgado <aleksander@lanedo.com>	2013-04-18 14:43:06 +0200
committer	Aleksander Morgado <aleksander@lanedo.com>	2013-04-18 14:43:37 +0200
commit	95274bfa2327a5fec59db33ca94463f4f9baff9c (patch)
tree	e0d07018782da39c6d66501587500b093c5d9adb
parent	9fa5b9001a4a61128aa894941062d8e6d025e101 (diff)