aboutsummaryrefslogtreecommitdiff
path: root/src/mm-sms-part-3gpp.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/mm-sms-part-3gpp.c')
-rw-r--r--src/mm-sms-part-3gpp.c27
1 files changed, 27 insertions, 0 deletions
diff --git a/src/mm-sms-part-3gpp.c b/src/mm-sms-part-3gpp.c
index a44b3970..6e089bd9 100644
--- a/src/mm-sms-part-3gpp.c
+++ b/src/mm-sms-part-3gpp.c
@@ -1065,6 +1065,15 @@ mm_sms_part_3gpp_get_submit_pdu (MMSmsPart *part,
goto error;
}
+ if (offset + packlen > PDU_SIZE) {
+ g_set_error (error,
+ MM_MESSAGE_ERROR,
+ MM_MESSAGE_ERROR_INVALID_PDU_PARAMETER,
+ "Packed user data is too large for PDU (want %d bytes total, have %d)",
+ offset + packlen, PDU_SIZE);
+ goto error;
+ }
+
memcpy (&pdu[offset], packed, packlen);
offset += packlen;
} else if (encoding == MM_SMS_ENCODING_UCS2) {
@@ -1090,6 +1099,15 @@ mm_sms_part_3gpp_get_submit_pdu (MMSmsPart *part,
*udl_ptr,
mm_sms_part_get_concat_sequence (part) ? "with" : "without");
+ if (offset + array->len > PDU_SIZE) {
+ g_set_error (error,
+ MM_MESSAGE_ERROR,
+ MM_MESSAGE_ERROR_INVALID_PDU_PARAMETER,
+ "User data is too large for PDU (want %d bytes total, have %d)",
+ offset + array->len, PDU_SIZE);
+ goto error;
+ }
+
memcpy (&pdu[offset], array->data, array->len);
offset += array->len;
} else if (mm_sms_part_get_encoding (part) == MM_SMS_ENCODING_8BIT) {
@@ -1105,6 +1123,15 @@ mm_sms_part_3gpp_get_submit_pdu (MMSmsPart *part,
*udl_ptr,
mm_sms_part_get_concat_sequence (part) ? "with" : "without");
+ if (offset + data->len > PDU_SIZE) {
+ g_set_error (error,
+ MM_MESSAGE_ERROR,
+ MM_MESSAGE_ERROR_INVALID_PDU_PARAMETER,
+ "User data is too large for PDU (want %d bytes total, have %d)",
+ offset + data->len, PDU_SIZE);
+ goto error;
+ }
+
memcpy (&pdu[offset], data->data, data->len);
offset += data->len;
} else
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-06-07 09:44:40 +0000