From 22c625080ed67902f64122413489a08aad10a752 Mon Sep 17 00:00:00 2001
From: Denis Kenzior
Date: Mon, 13 Nov 2017 21:20:41 -0600
Subject: [PATCH] mbimmodem: fix crash

==12340== Invalid read of size 1
==12340== at 0x4C2F9A0: __strncpy_sse2_unaligned (vg_replace_strmem.c:548)
==12340== by 0x4A3520: strncpy (string3.h:126)
==12340== by 0x4A3520: mbim_current_operator_cb (network-registration.c:178)
==12340== by 0x49DC5D: dispatch_command_done (mbim.c:529)
==12340== by 0x49DC5D: dispatch_message (mbim.c:594)
==12340== by 0x49DC5D: command_read_handler (mbim.c:701)
---
 drivers/mbimmodem/network-registration.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/mbimmodem/network-registration.c b/drivers/mbimmodem/network-registration.c
index 04db5822..6b82c6ff 100644
--- a/drivers/mbimmodem/network-registration.c
+++ b/drivers/mbimmodem/network-registration.c
@@ -169,6 +169,9 @@ static void mbim_current_operator_cb(struct mbim_message *message, void *user)
 &roaming_text))
 goto error;

+ if (register_state < 3 || register_state > 5)
+ goto error;
+
 DBG("provider: %s(%s)", provider_name, provider_id);

 /* If MBIMRegisterStateRoaming or MBIMRegisterStatePartner */
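Review bot: The new guard in mbim_current_operator_cb trusts the modem-reported `register_state` to imply that `provider_id` and `provider_name` are readable, but nothing in the hunk checks the pointers themselves before `DBG("provider: %s(%s)", ...)` and the strncpy named in the Valgrind trace (network-registration.c:178, outside this hunk). If the argument parser can leave either string NULL or unset for an empty field (not visible here, so to be confirmed), a device that reports state 3–5 without a provider ID would still reach the same invalid read; consider adding `if (!provider_id || !provider_name) goto error;` next to the range check. The bare `3` and `5` would also read better as named constants, or at least with a comment such as `/* Only Home (3), Roaming (4) and Partner (5) carry operator info */`, in line with the comment that follows. The function body begins and ends outside the hunk, so the pointer initialisation and the cleanup under `error:` could not be checked.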