From b461b170fa3c19c5d7c3f689884a510559cb7940 Mon Sep 17 00:00:00 2001
From: Holger Hans Peter Freyther
Date: Sun, 15 Jan 2012 10:49:43 +0100
Subject: [PATCH 1/1] gsm: Implement the size checking of the hello packet
---
 gsm.cpp | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/gsm.cpp b/gsm.cpp
index 5fbbd49..5d4b64d 100644
--- a/gsm.cpp
+++ b/gsm.cpp
@@ -1351,6 +1351,34 @@ static int mncc_fd_read(struct lcr_fd *lfd, void *inst, int idx)
 mncc_fd_close(lcr_gsm, lfd);
 return 0;
 }
+ if (hello->mncc_size != sizeof(struct gsm_mncc)) {
+ PERROR("MNCC gsm_mncc size differs: %u %u\n",
+ hello->mncc_size, sizeof(struct gsm_mncc));
+ mncc_fd_close(lcr_gsm, lfd);
+ return 0;
+ }
+ if (hello->data_frame_size != sizeof(struct gsm_data_frame)) {
+ PERROR("MNCC gsm_mncc size differs: %u %u\n",
+ hello->data_frame_size, sizeof(struct gsm_data_frame));
+ mncc_fd_close(lcr_gsm, lfd);
+ return 0;
+ }
+
+#define CHECK_OFFSET(hello, field, lcr_gsm, lfd) \
+ if (hello->field ##_offset != __builtin_offsetof(struct gsm_mncc, field)) { \
+ PERROR("MNCC gsm_mncc offset of %s is %u %u\n", \
+ #field, hello->field ##_offset, \
+ __builtin_offsetof(struct gsm_mncc, field)); \
+ mncc_fd_close(lcr_gsm, lfd); \
+ return 0; \
+ }
+
+ CHECK_OFFSET(hello, called, lcr_gsm, lfd);
+ CHECK_OFFSET(hello, signal, lcr_gsm, lfd);
+ CHECK_OFFSET(hello, emergency, lcr_gsm, lfd);
+ CHECK_OFFSET(hello, lchan_type, lcr_gsm, lfd);
+#undef CHECK_OFFSET
+
 break;
 }
-- 
2.13.6
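Review bot: The PERROR calls in both new size checks and inside CHECK_OFFSET pass `sizeof(...)` and `__builtin_offsetof(...)` results, which are size_t, to a `%u` conversion; that is a format/argument mismatch, so those arguments should use `%zu` (or be cast to `unsigned`), e.g. `PERROR("MNCC gsm_mncc size differs: %u %zu\n", hello->mncc_size, sizeof(struct gsm_mncc));`. The data_frame_size branch also reuses the gsm_mncc wording, so a mismatch there is misreported; it should read `"MNCC gsm_data_frame size differs: %u %zu\n"`. Rejecting a peer whose struct layout disagrees before any later message is decoded is the right place for these checks, but nothing in the hunk shows that the received byte count was verified to cover sizeof(struct gsm_mncc_hello) before hello->mncc_size, hello->data_frame_size and the *_offset fields are read, so that is worth confirming in the length handling earlier in the function. CHECK_OFFSET expands to an if that returns from the enclosing function, which a reader of the four call lines cannot see; a one-line comment above the macro, `/* closes the socket and returns 0 on layout mismatch */`, would make that explicit. mncc_fd_read begins and ends outside this hunk.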