const char *hexpdu;
long pdu_len;
int tpdu_len;
- unsigned char pdu[164];
+ unsigned char pdu[176];
char buf[256];
dump_response("at_cmt_notify", TRUE, result);
return;
}
+ if (strlen(hexpdu) > sizeof(pdu) * 2) {
+ ofono_error("Bad PDU length in CMT notification");
+ return;
+ }
+
ofono_debug("Got new SMS Deliver PDU via CMT: %s, %d", hexpdu, tpdu_len);
decode_hex_own_buf(hexpdu, -1, &pdu_len, 0, pdu);
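Review bot: The return value of `decode_hex_own_buf()` is still discarded on the line right after the new length guard, so the guard bounds how much can be written into `pdu` but not whether the decode succeeded. If the helper rejects non-hex characters without storing to `pdu_len` (its body is not part of this patch, so confirm), whatever consumes `pdu` and `pdu_len` after this hunk works with uninitialised stack data. Suggest `if (decode_hex_own_buf(hexpdu, -1, &pdu_len, 0, pdu) == NULL) {` followed by the same `ofono_error(...)` and `return` used for the length failure. The same unchecked call follows the guards in the other two handlers (the `goto err` and `continue` ones). The function body starts and ends outside this hunk.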
struct ofono_sms *sms = user_data;
GAtResultIter iter;
const char *hexpdu;
- unsigned char pdu[164];
+ unsigned char pdu[176];
long pdu_len;
int tpdu_len;
hexpdu = g_at_result_pdu(result);
+ if (strlen(hexpdu) > sizeof(pdu) * 2)
+ goto err;
+
ofono_debug("Got PDU: %s, with len: %d", hexpdu, tpdu_len);
decode_hex_own_buf(hexpdu, -1, &pdu_len, 0, pdu);
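Review bot: `strlen(hexpdu)` in the new guard runs directly on the result of `g_at_result_pdu(result)` with no NULL test in between, so a result without a PDU line would be dereferenced before the bound is ever checked. If that accessor can return NULL (its definition is not visible here), fold the test into the guard: `if (hexpdu == NULL || strlen(hexpdu) > sizeof(pdu) * 2)`. The other two guards also call `strlen(hexpdu)`, but their assignment of `hexpdu` lies outside the visible lines, so they need the same look. The enclosing function continues outside the hunk.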
struct sms_data *data = ofono_sms_get_data(sms);
GAtResultIter iter;
const char *hexpdu;
- unsigned char pdu[164];
+ unsigned char pdu[176];
long pdu_len;
int tpdu_len;
int index;
ofono_debug("Found an old SMS PDU: %s, with len: %d",
hexpdu, tpdu_len);
+ if (strlen(hexpdu) > sizeof(pdu) * 2)
+ continue;
+
decode_hex_own_buf(hexpdu, -1, &pdu_len, 0, pdu);
ofono_sms_deliver_notify(sms, pdu, pdu_len, tpdu_len);
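Review bot: `tpdu_len` reaches `ofono_sms_deliver_notify()` without being compared with the decoded `pdu_len`; the new guard limits the hex string, but the announced TPDU length (presumably parsed from the same AT response) is a second, independent input. Unless the callee validates it, which is not visible here, a check such as `if (tpdu_len < 0 || tpdu_len > pdu_len) continue;` after the decode keeps the two lengths consistent. Separately, the new `continue` drops an over-long PDU silently, whereas the CMT handler reports it with `ofono_error(...)`; a log line here would make malformed responses visible to whoever monitors the daemon. The loop body starts outside the hunk.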