From 5e372ed3295f6a090f56ba1cd2c0efe04d42069c Mon Sep 17 00:00:00 2001
From: Holger Hans Peter Freyther
Date: Sun, 15 Jan 2012 10:49:43 +0100
Subject: [PATCH] gsm: Implement the size checking of the hello packet

---
 gsm.cpp | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/gsm.cpp b/gsm.cpp
index ee46ff6..a1ab7b0 100644
--- a/gsm.cpp
+++ b/gsm.cpp
@@ -1126,6 +1126,34 @@ static int mncc_fd_read(struct lcr_fd *lfd, void *inst, int idx)
 			mncc_fd_close(lcr_gsm, lfd);
 			return 0;
 		}
+		if (hello->mncc_size != sizeof(struct gsm_mncc)) {
+			PERROR("MNCC gsm_mncc size differs: %u %u\n",
+				hello->mncc_size, sizeof(struct gsm_mncc));
+			mncc_fd_close(lcr_gsm, lfd);
+			return 0;
+		}
+		if (hello->data_frame_size != sizeof(struct gsm_data_frame)) {
+			PERROR("MNCC gsm_mncc size differs: %u %u\n",
+				hello->data_frame_size, sizeof(struct gsm_data_frame));
+			mncc_fd_close(lcr_gsm, lfd);
+			return 0;
+		}
+
+#define CHECK_OFFSET(hello, field, lcr_gsm, lfd) \
+		if (hello->field ##_offset != __builtin_offsetof(struct gsm_mncc, field)) { \
+			PERROR("MNCC gsm_mncc offset of %s is %u %u\n", \
+				#field, hello->field ##_offset, \
+				__builtin_offsetof(struct gsm_mncc, field)); \
+			mncc_fd_close(lcr_gsm, lfd); \
+			return 0; \
+		}
+
+		CHECK_OFFSET(hello, called, lcr_gsm, lfd);
+		CHECK_OFFSET(hello, signal, lcr_gsm, lfd);
+		CHECK_OFFSET(hello, emergency, lcr_gsm, lfd);
+		CHECK_OFFSET(hello, lchan_type, lcr_gsm, lfd);
+#undef CHECK_OFFSET
+
 
 		break;
 	}
-- 
2.13.6
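Review bot: The `%u` conversions in the three new PERROR calls are paired with `sizeof(...)` and `__builtin_offsetof(...)` operands, which are `size_t`, so the format does not match the argument types (undefined behaviour through the variadic call, and garbled output on LP64 where `size_t` is 64-bit); use `%zu` for those operands, e.g. `PERROR("MNCC gsm_mncc size differs: %u %zu\n", hello->mncc_size, sizeof(struct gsm_mncc));`, and the same in the data_frame_size check and inside CHECK_OFFSET (this assumes `mncc_size`, `data_frame_size` and the `*_offset` fields are `unsigned`; if they are fixed-width types, use the matching PRIu32-style macro instead). The second check reports `MNCC gsm_mncc size differs` for a `data_frame_size` mismatch; the message should say `gsm_data_frame` so a peer-version mismatch is attributable from the log. CHECK_OFFSET expands to a bare `if` statement rather than a `do { … } while (0)` body, so an `else` written after an invocation would bind to it silently; wrapping it is cheap. mncc_fd_read starts and ends outside the hunk, so whether the length of the received message is validated against `sizeof(*hello)` before these fields are read is not visible here and is worth confirming, since these checks are what protects the rest of the MNCC parsing from a peer built against a different struct layout.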