From 8b74a5979867b5fe71f0b39c954a0fb1bd17a95e Mon Sep 17 00:00:00 2001
From: Rahul Jain <rahul.jain@suse.com>
Date: Tue, 14 Apr 2026 11:43:49 +0530
Subject: [PATCH] FIX CVE-2026-35330: libsimaka EAP-SIM/AKA buffer overflow

---
 src/libsimaka/simaka_message.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 
diff --git a/src/libsimaka/simaka_message.c b/src/libsimaka/simaka_message.c
index 7dd1548..8c14bec 100644
--- a/src/libsimaka/simaka_message.c
+++ b/src/libsimaka/simaka_message.c
@@ -410,7 +410,7 @@ static bool parse_attributes(private_simaka_message_t *this, chunk_t in)
 			case AT_ENCR_DATA:
 			case AT_RAND:
 			{
-				if (hdr->length * 4 > in.len || in.len < 4)
+				if (hdr->length == 0 || hdr->length * 4 > in.len || in.len < 4)
 				{
 					return invalid_length(hdr->type);
 				}
@@ -433,7 +433,7 @@ static bool parse_attributes(private_simaka_message_t *this, chunk_t in)
 			case AT_PADDING:
 			default:
 			{
-				if (hdr->length * 4 > in.len || in.len < 4)
+				if (hdr->length == 0 || hdr->length * 4 > in.len || in.len < 4)
 				{
 					return invalid_length(hdr->type);
 				}
-- 
2.50