[PATCH] libosmocore[master]: gsm0808: fixup length check of the element decoder functions

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

dexter gerrit-no-reply at lists.osmocom.org
Fri Apr 28 09:29:53 UTC 2017 

Review at  https://gerrit.osmocom.org/2446

gsm0808: fixup length check of the element decoder functions

The length check of the decoder functions is not entirely
correct. The check also checks for values below zero,
which does not make sense, since the length is encoded
as uint8_t.

For some elements a minimum length is known (in most caes
this is 1, so checking for zero is sufficient but in some
cases (e.g. channel type) the spec mentions a minimum and
maximum length. This is now also reflected in the code.

Change-Id: I78bc887f68d1963d28c6fcd631ac20ccd893d6d6
---
M src/gsm/gsm0808_utils.c
1 file changed, 11 insertions(+), 6 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/46/2446/1

diff --git a/src/gsm/gsm0808_utils.c b/src/gsm/gsm0808_utils.c
index b4bb878..4b8b925 100644
--- a/src/gsm/gsm0808_utils.c
+++ b/src/gsm/gsm0808_utils.c
@@ -88,7 +88,7 @@
 	OSMO_ASSERT(ss);
 	if (!elem)
 		return -EINVAL;
-	if (len <= 0)
+	if (len == 0)
 		return -EINVAL;
 
 	memset(ss, 0, sizeof(*ss));
@@ -166,6 +166,7 @@
 uint8_t gsm0808_enc_speech_codec(struct msgb *msg,
 				 const struct gsm0808_speech_codec *sc)
 {
+	/* See also 3GPP TS 48.008 3.2.2.103 Speech Codec List */
 	uint8_t *old_tail;
 	uint8_t *tlv_len;
 
@@ -193,7 +194,7 @@
 	OSMO_ASSERT(sc);
 	if (!elem)
 		return -EINVAL;
-	if (len <= 0)
+	if (len == 0)
 		return -EINVAL;
 
 	memset(sc, 0, sizeof(*sc));
@@ -242,6 +243,7 @@
 uint8_t gsm0808_enc_speech_codec_list(struct msgb *msg,
 				      const struct gsm0808_speech_codec_list *scl)
 {
+	/* See also 3GPP TS 48.008 3.2.2.103 Speech Codec List */
 	uint8_t *old_tail;
 	uint8_t *tlv_len;
 	unsigned int i;
@@ -273,6 +275,7 @@
 int gsm0808_dec_speech_codec_list(struct gsm0808_speech_codec_list *scl,
 				  const uint8_t *elem, uint8_t len)
 {
+	/* See also 3GPP TS 48.008 3.2.2.103 Speech Codec List */
 	const uint8_t *old_elem = elem;
 	unsigned int i;
 	int rc;
@@ -281,7 +284,7 @@
 	OSMO_ASSERT(scl);
 	if (!elem)
 		return -EINVAL;
-	if (len <= 0)
+	if (len == 0)
 		return -EINVAL;
 
 	memset(scl, 0, sizeof(*scl));
@@ -313,6 +316,7 @@
 uint8_t gsm0808_enc_channel_type(struct msgb *msg,
 				 const struct gsm0808_channel_type *ct)
 {
+	/* See also 3GPP TS 48.008 3.2.2.11 Channel Type */
 	unsigned int i;
 	uint8_t byte;
 	uint8_t *old_tail;
@@ -351,6 +355,7 @@
 int gsm0808_dec_channel_type(struct gsm0808_channel_type *ct,
 			     const uint8_t *elem, uint8_t len)
 {
+	/* See also 3GPP TS 48.008 3.2.2.11 Channel Type */
 	unsigned int i;
 	uint8_t byte;
 	const uint8_t *old_elem = elem;
@@ -358,7 +363,7 @@
 	OSMO_ASSERT(ct);
 	if (!elem)
 		return -EINVAL;
-	if (len <= 0)
+	if (len < 3 || len > 11)
 		return -EINVAL;
 
 	memset(ct, 0, sizeof(*ct));
@@ -427,7 +432,7 @@
 	OSMO_ASSERT(ei);
 	if (!elem)
 		return -EINVAL;
-	if (len <= 0)
+	if (len == 0)
 		return -EINVAL;
 
 	memset(ei, 0, sizeof(*ei));
@@ -497,7 +502,7 @@
 	OSMO_ASSERT(cil);
 	if (!elem)
 		return -EINVAL;
-	if (len <= 0)
+	if (len == 0)
 		return -EINVAL;
 
 	memset(cil, 0, sizeof(*cil));

-- 
To view, visit https://gerrit.osmocom.org/2446
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I78bc887f68d1963d28c6fcd631ac20ccd893d6d6
Gerrit-PatchSet: 1
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Owner: dexter <pmaier at sysmocom.de>

More information about the gerrit-log mailing list