Change in osmo-ggsn[master]: ggsn: fix misinterpreted length field in ipcp_contains_option()

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Harald Welte gerrit-no-reply at lists.osmocom.org
Mon May 28 16:23:01 UTC 2018


Harald Welte has posted comments on this change. ( https://gerrit.osmocom.org/9354 )

Change subject: ggsn: fix misinterpreted length field in ipcp_contains_option()
......................................................................


Patch Set 1:

As indicated in the redmine ticket, please provide a test that reproduces the problem.

Also, there's a security issue here, as we're blindly assuming the "length" stays within bounds of the packet.  The function needs to be extended with the overall length of the input buffer/memory, so that it doesn't de-reference any out-of-bounds memory.  That should be a separate (but urgently needed) patch.


-- 
To view, visit https://gerrit.osmocom.org/9354

Gerrit-Project: osmo-ggsn
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Icffde89f9bc5d8fcadf6e2dd6c0b4de03440edd5
Gerrit-Change-Number: 9354
Gerrit-PatchSet: 1
Gerrit-Owner: dexter <pmaier at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Pau Espin Pedrol <pespin at sysmocom.de>
Gerrit-Comment-Date: Mon, 28 May 2018 16:23:01 +0000
Gerrit-HasComments: No
Gerrit-HasLabels: No
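
The bounds check requested in the comment above, as an added example that is not part of the original message and is not osmo-ggsn code. The function name `find_ipcp_option`, its signature and the sample packets are assumptions made for illustration; the layout used is the standard PPP one (4-byte header with a big-endian length, then type/length/value options whose length byte includes the 2-byte option header).

```c
#include <stddef.h>
#include <stdint.h>

#define IPCP_HDR_LEN 4 /* code, identifier, 16-bit length */
#define OPT_HDR_LEN  2 /* option type, option length */

/* Hypothetical helper, not osmo-ggsn code: return the first option of type
 * `opt` that is at least `opt_minlen` bytes long, or NULL. `buf_len` is the
 * number of bytes actually received, independent of any in-packet length. */
const uint8_t *find_ipcp_option(const uint8_t *buf, size_t buf_len,
                                uint8_t opt, size_t opt_minlen)
{
    if (buf == NULL || buf_len < IPCP_HDR_LEN)
        return NULL;
    /* Header length comes from the peer: reject if it exceeds the buffer. */
    size_t end = ((size_t)buf[2] << 8) | buf[3];
    if (end < IPCP_HDR_LEN || end > buf_len)
        return NULL;
    size_t off = IPCP_HDR_LEN;
    while (end - off >= OPT_HDR_LEN) {
        size_t opt_len = buf[off + 1]; /* includes the 2 header bytes */
        /* A length below 2 would stall the walk; one past `end` would
         * read out of bounds. Treat both as a malformed packet. */
        if (opt_len < OPT_HDR_LEN || opt_len > end - off)
            return NULL;
        if (buf[off] == opt && opt_len >= opt_minlen)
            return buf + off;
        off += opt_len;
    }
    return NULL;
}

/* Constructed sample packets (Configure-Request, id 1). */
static const uint8_t ipcp_ok[] = { 1, 1, 0x00, 0x10,
    0x81, 6, 0, 0, 0, 0,   /* Primary DNS */
    0x83, 6, 0, 0, 0, 0 }; /* Secondary DNS */
static const uint8_t ipcp_hdr_lies[] = { 1, 1, 0x00, 0x40, /* claims 64 bytes */
    0x81, 6, 0, 0, 0, 0 };
static const uint8_t ipcp_opt_overrun[] = { 1, 1, 0x00, 0x0a,
    0x81, 0x20, 0, 0, 0, 0 }; /* option claims 32 bytes, 6 remain */
static const uint8_t ipcp_zero_len[] = { 1, 1, 0x00, 0x0a,
    0x81, 0, 0, 0, 0, 0 };    /* option length 0 */
```

The malformed samples double as regression inputs for a unit test of the kind the comment asks for.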