[OpenSIPS-Devel] [OpenSIPS/opensips] c5af7f: proto_smpp: bound sm_length against buffer overflo...
volga629-1
noreply at github.com
Wed May 13 11:23:05 UTC 2026
Branch: refs/heads/4.0
Home: https://github.com/OpenSIPS/opensips
Commit: c5af7f7f5ba4e09502b6c8d1fd3cfd074cb139c4
https://github.com/OpenSIPS/opensips/commit/c5af7f7f5ba4e09502b6c8d1fd3cfd074cb139c4
Author: volga629-1 <59034879+volga629-1 at users.noreply.github.com>
Date: 2026-05-13 (Wed, 13 May 2026)
Changed paths:
M modules/proto_smpp/smpp.c
Log Message:
-----------
proto_smpp: bound sm_length against buffer overflow (#3891)
Clamp attacker-controlled sm_length to MAX_SMS_CHARACTERS in
parse_submit_or_deliver_body() and reject oversized or odd UCS2
lengths in recv_smpp_msg() before they reach copy_fixed_str()
or the GSM7/UCS2 decoders.
Fixes a stack/heap buffer overflow reachable from a malicious
SMSC peer sending submit_sm/deliver_sm with sm_length > 254.
Signed-off-by: NetworkLab Dev <info at networklab.ca>
(cherry picked from commit 6089db4ab94ba2ea09f8a88fd792c64949198ba4)
To unsubscribe from these emails, change your notification settings at https://github.com/OpenSIPS/opensips/settings/notifications
More information about the Devel
mailing list