From 90e60ada012de42964214d8155260f5749d0dcc7 Mon Sep 17 00:00:00 2001
From: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
Date: Tue, 3 Dec 2024 21:43:50 +0200
Subject: [PATCH] stkutil: Fix CVE-2024-7543

CVE: CVE-2024-7543
Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=90e60ada012de42964214d8155260f5749d0dcc7]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 src/stkutil.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/stkutil.c b/src/stkutil.c
index 4f31af4..fdd11ad 100644
--- a/src/stkutil.c
+++ b/src/stkutil.c
@@ -1876,6 +1876,10 @@ static bool parse_dataobj_mms_reference(struct comprehension_tlv_iter *iter,
 
 	data = comprehension_tlv_iter_get_data(iter);
 	mr->len = len;
+
+	if (len > sizeof(mr->ref))
+		return false;
+
 	memcpy(mr->ref, data, len);
 
 	return true;
-- 
2.25.1