Change in osmo-sgsn[master]: consistently check the result of osmo_shift_v_fixed()

Stefan Sperling gerrit-no-reply at lists.osmocom.org
Thu Nov 22 12:34:24 UTC 2018


Stefan Sperling has uploaded this change for review. ( https://gerrit.osmocom.org/11876 )


Change subject: consistently check the result of osmo_shift_v_fixed()
......................................................................

consistently check the result of osmo_shift_v_fixed()

Coverity points out we forgot to check the return value of
osmo_shift_v_fixed() in some places. Add checks which verify
the expected length of data which is skipped by the parser.

Change-Id: I20406f411810e966443d6fd5a4620b9a66cd9809
Related: CID#135160
---
M src/gprs/gprs_gb_parse.c
1 file changed, 10 insertions(+), 5 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-sgsn refs/changes/76/11876/1

diff --git a/src/gprs/gprs_gb_parse.c b/src/gprs/gprs_gb_parse.c
index 18565ae..93b90a2 100644
--- a/src/gprs/gprs_gb_parse.c
+++ b/src/gprs/gprs_gb_parse.c
@@ -46,7 +46,8 @@
 	/* Skip Attach type */
 	/* Skip Ciphering key sequence number */
 	/* Skip DRX parameter */
-	osmo_shift_v_fixed(&data, &data_len, 3, NULL);
+	if (osmo_shift_v_fixed(&data, &data_len, 3, NULL) < 3)
+		return 0;
 
 	/* Get Mobile identity */
 	if (osmo_shift_lv(&data, &data_len, &value, &value_len) <= 0 ||
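Review bot: The skip length 3 is now written twice on the new line, once as the argument and once as the bound in `< 3`, so a later change to the number of skipped octets has to update both or the check silently stops matching the call. Consider a small local helper or macro that takes the length once and reports whether the skip succeeded, and use it at all five call sites this patch touches.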
@@ -82,7 +83,8 @@
 	/* Skip Periodic RA update timer */
 	/* Skip Radio priority for SMS */
 	/* Skip Spare half octet */
-	osmo_shift_v_fixed(&data, &data_len, 3, NULL);
+	if (osmo_shift_v_fixed(&data, &data_len, 3, NULL) < 3)
+		return 0;
 
 	if (osmo_shift_v_fixed(&data, &data_len, 6, &value) <= 0)
 		return 0;
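Review bot: The new check `osmo_shift_v_fixed(&data, &data_len, 3, NULL) < 3` sits directly above the existing `osmo_shift_v_fixed(&data, &data_len, 6, &value) <= 0`, so the same function is tested with two different conventions in adjacent statements. Since the subject is about checking consistently, pick one form (either `<= 0` everywhere or a comparison against the requested length everywhere) and state in the commit message which return values the function can produce.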
@@ -170,7 +172,8 @@
 
 	/* Skip Update type */
 	/* Skip GPRS ciphering key sequence number */
-	osmo_shift_v_fixed(&data, &data_len, 1, NULL);
+	if (osmo_shift_v_fixed(&data, &data_len, 1, NULL) < 1)
+		return 0;
 
 	if (osmo_shift_v_fixed(&data, &data_len, 6, &value) <= 0)
 		return 0;
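Review bot: For an int return value, `< 1` is the same condition as `<= 0`, so this new check could be written exactly like the 6-octet check below it. Using `<= 0` here would avoid suggesting that the two tests differ.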
@@ -221,7 +224,8 @@
 	/* Skip Force to standby */
 	/* Skip Update result */
 	/* Skip Periodic RA update timer */
-	osmo_shift_v_fixed(&data, &data_len, 2, NULL);
+	if (osmo_shift_v_fixed(&data, &data_len, 2, NULL) < 2)
+		return 0;
 
 	if (osmo_shift_v_fixed(&data, &data_len, 6, &value) <= 0)
 		return 0;
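Review bot: The comments above the new check list three skipped fields while the call skips 2 octets, so a reader cannot confirm from the code that 2 is the right length to enforce. Now that a short read is a hard failure that makes the parser return 0, note in the comments which fields share an octet, or give each field's size.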
@@ -299,7 +303,8 @@
 
 	/* Skip Requested NSAPI */
 	/* Skip Requested LLC SAPI */
-	osmo_shift_v_fixed(&data, &data_len, 2, NULL);
+	if (osmo_shift_v_fixed(&data, &data_len, 2, NULL) < 2)
+		return 0;
 
 	/* Skip Requested QoS (support 04.08 and 24.008) */
 	if (osmo_shift_lv(&data, &data_len, NULL, &value_len) <= 0 ||
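Review bot: The diffstat lists only src/gprs/gprs_gb_parse.c, so none of the five new `return 0` paths is covered by a test in this change. A test case that feeds a message truncated inside the skipped octets (for example one ending right after Requested NSAPI in this hunk) would show that the early return is reached and document what the parser's caller sees in that case.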

-- 
To view, visit https://gerrit.osmocom.org/11876

Gerrit-Project: osmo-sgsn
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I20406f411810e966443d6fd5a4620b9a66cd9809
Gerrit-Change-Number: 11876
Gerrit-PatchSet: 1
Gerrit-Owner: Stefan Sperling <ssperling at sysmocom.de>