Change in osmo-ttcn3-hacks[master]: BTS: fix: pad LAPDm frames before sending via L1CTL

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Vadim Yanitskiy gerrit-no-reply at lists.osmocom.org
Fri Jul 27 12:36:21 UTC 2018


Hello Stefan Sperling, Harald Welte, Jenkins Builder, 

I'd like you to reexamine a change. Please visit

    https://gerrit.osmocom.org/10183

to look at the new patch set (#4).

Change subject: BTS: fix: pad LAPDm frames before sending via L1CTL
......................................................................

BTS: fix: pad LAPDm frames before sending via L1CTL

Thanks to Stefan Sperling, a critical bug was discovered in trxcon.
The problem was that length of LAPDm frames was not checked before
passing them to the libosmocoding API. So, if a received LAPDm
frame is shorter than expected (i.e. 23 bytes), then:

  - in case of xCCH, there was a heap overflow (detected by ASAN),
    so a short frame has been encoded together with some garbage
    outside the primitive buffer...

  - in case of FACCH, as the length != 23, a frame was recognised
    as a speech frame, and also encoded together with some garbage.

Since the bug is fixed (OS#3415), some TTCN-3 BTS tests started
to fail, because most likely it was assumed that trxcon would
pad the frames automatically, but it doesn't and shouldn't.

Let's automatically pad LAPDm frames with 0x2b before sending.

Change-Id: I16cba4e4179456bebabf0638760af011a27fd333
Related: OS#3418
---
M bts/BTS_Tests.ttcn
1 file changed, 8 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/83/10183/4
-- 
To view, visit https://gerrit.osmocom.org/10183
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-ttcn3-hacks
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I16cba4e4179456bebabf0638760af011a27fd333
Gerrit-Change-Number: 10183
Gerrit-PatchSet: 4
Gerrit-Owner: Vadim Yanitskiy <axilirator at gmail.com>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Stefan Sperling <ssperling at sysmocom.de>
Gerrit-Reviewer: Vadim Yanitskiy <axilirator at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20180727/29c0c4c6/attachment.htm>


More information about the gerrit-log mailing list