From 1a5fbefa59465bec80425add562bdb1d36ec8e23 Mon Sep 17 00:00:00 2001
From: Denis Grigorev <d.grigorev@omp.ru>
Date: Fri, 29 Dec 2023 13:30:04 +0300
Subject: [PATCH] smsutil: Validate the length of the address field

This addresses CVE-2023-4233.

CVE: CVE-2023-4233

Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=1a5fbefa59465bec]

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
 src/smsutil.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/smsutil.c b/src/smsutil.c
index 5a12708..8dd2126 100644
--- a/src/smsutil.c
+++ b/src/smsutil.c
@@ -626,6 +626,9 @@ gboolean sms_decode_address_field(const unsigned char *pdu, int len,

	if (!next_octet(pdu, len, offset, &addr_len))
		return FALSE;
+	/* According to 23.040 9.1.2.5 Address-Length must not exceed 20 */
+        if (addr_len > 20)
+                return FALSE;

	if (sc && addr_len == 0) {
		out->address[0] = '\0';
--
2.40.0