From 07f48b23e3877ef7d15a7b0b8b79d32ad0a3607e Mon Sep 17 00:00:00 2001
From: Denis Kenzior <denkenz@gmail.com>
Date: Mon, 5 Aug 2024 20:23:38 +0800
Subject: [PATCH] simutil: Make sure set_length on the parent succeeds

CVE: CVE-2023-2794
Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=07f48b23e3877ef7d15a7b0b8b79d32ad0a3607e]

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
 src/simutil.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/simutil.c b/src/simutil.c
index 59d8d5d..0e131e8 100644
--- a/src/simutil.c
+++ b/src/simutil.c
@@ -588,8 +588,9 @@ gboolean ber_tlv_builder_set_length(struct ber_tlv_builder *builder,
	if (new_pos > builder->max)
		return FALSE;

-	if (builder->parent)
-		ber_tlv_builder_set_length(builder->parent, new_pos);
+	if (builder->parent &&
+			!ber_tlv_builder_set_length(builder->parent, new_pos))
+		return FALSE;

	builder->len = new_len;

@@ -730,9 +731,9 @@ gboolean comprehension_tlv_builder_set_length(
	if (builder->pos + new_ctlv_len > builder->max)
		return FALSE;

-	if (builder->parent)
-		ber_tlv_builder_set_length(builder->parent,
-						builder->pos + new_ctlv_len);
+	if (builder->parent && !ber_tlv_builder_set_length(builder->parent,
+						builder->pos + new_ctlv_len))
+		return FALSE;

	len = MIN(builder->len, new_len);
	if (len > 0 && new_len_size != len_size)
--
2.25.1