From 2ff2da7ac374a790f8b2a0216bcb4e3126498225 Mon Sep 17 00:00:00 2001
From: "Sicelo A. Mhlongo" <absicsz@gmail.com>
Date: Wed, 4 Dec 2024 10:18:52 +0200
Subject: [PATCH] smsutil: check status report fits in buffer

Fixes CVE-2023-4232

CVE: CVE-2023-4232
Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=2ff2da7ac374a790f8b2a0216bcb4e3126498225]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 src/smsutil.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/smsutil.c b/src/smsutil.c
index ac89f16c..a706e26f 100644
--- a/src/smsutil.c
+++ b/src/smsutil.c
@@ -1088,6 +1088,9 @@ static gboolean decode_status_report(const unsigned char *pdu, int len,
 		if ((len - offset) < expected)
 			return FALSE;
 
+		if (expected > (int)sizeof(out->status_report.ud))
+			return FALSE;
+
 		memcpy(out->status_report.ud, pdu + offset, expected);
 	}
 
-- 
2.30.2