[OpenSIPS-Devel] [OpenSIPS/opensips] 6089db: proto_smpp: bound sm_length against buffer overflo...
volga629-1
noreply at github.com
Wed May 13 11:22:38 UTC 2026
Branch: refs/heads/master
Home: https://github.com/OpenSIPS/opensips
Commit: 6089db4ab94ba2ea09f8a88fd792c64949198ba4
https://github.com/OpenSIPS/opensips/commit/6089db4ab94ba2ea09f8a88fd792c64949198ba4
Author: volga629-1 <59034879+volga629-1 at users.noreply.github.com>
Date: 2026-05-13 (Wed, 13 May 2026)
Changed paths:
M modules/proto_smpp/smpp.c
Log Message:
-----------
proto_smpp: bound sm_length against buffer overflow (#3891)
Clamp attacker-controlled sm_length to MAX_SMS_CHARACTERS in
parse_submit_or_deliver_body() and reject oversized or odd UCS2
lengths in recv_smpp_msg() before they reach copy_fixed_str()
or the GSM7/UCS2 decoders.
Fixes a stack/heap buffer overflow reachable from a malicious
SMSC peer sending submit_sm/deliver_sm with sm_length > 254.
Signed-off-by: NetworkLab Dev <info at networklab.ca>
To unsubscribe from these emails, change your notification settings at https://github.com/OpenSIPS/opensips/settings/notifications
More information about the Devel
mailing list