Change in osmocom-bb[master]: layer23/l1ctl.c: fix: verify msg length using l1h, not l2h

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Vadim Yanitskiy gerrit-no-reply at lists.osmocom.org
Wed Oct 3 12:47:25 UTC 2018 

Vadim Yanitskiy has uploaded this change for review. ( https://gerrit.osmocom.org/11217


Change subject: layer23/l1ctl.c: fix: verify msg length using l1h, not l2h
......................................................................

layer23/l1ctl.c: fix: verify msg length using l1h, not l2h

The actual L1CTL header is pointed by 'msg->l1h', not 'l2h'!
Since msg->l2h is NULL (because nobody set it), the result of
msgb_l2len() would always be bigger than size of L1CTL header,
as it is calculated in the following way:

  return msgb->tail - (uint8_t *)msgb_l2(msgb);

So, in case if 'msg->l2h' is NULL, it turns into:

  return msgb->tail - 0;

Change-Id: I7fe2e00bb45ba07c9bb7438445eededfa09c96f3
---
M src/host/layer23/src/common/l1ctl.c
1 file changed, 4 insertions(+), 3 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmocom-bb refs/changes/17/11217/1

diff --git a/src/host/layer23/src/common/l1ctl.c b/src/host/layer23/src/common/l1ctl.c
index 9a3bc0e..c8695ca 100644
--- a/src/host/layer23/src/common/l1ctl.c
+++ b/src/host/layer23/src/common/l1ctl.c
@@ -874,9 +874,10 @@
 	int rc = 0;
 	struct l1ctl_hdr *l1h;
 
-	if (msgb_l2len(msg) < sizeof(*l1h)) {
-		LOGP(DL1C, LOGL_ERROR, "Short Layer2 message: %u\n",
-			msgb_l2len(msg));
+	/* Make sure a message has L1CTL header (pointed by msg->l1h) */
+	if (msgb_l1len(msg) < sizeof(*l1h)) {
+		LOGP(DL1C, LOGL_ERROR, "Short L1CTL message, "
+			"missing the header (len=%u)\n", msgb_l1len(msg));
 		msgb_free(msg);
 		return -1;
 	}

-- 
To view, visit https://gerrit.osmocom.org/11217
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmocom-bb
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I7fe2e00bb45ba07c9bb7438445eededfa09c96f3
Gerrit-Change-Number: 11217
Gerrit-PatchSet: 1
Gerrit-Owner: Vadim Yanitskiy <axilirator at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20181003/55687cc3/attachment.htm>

More information about the gerrit-log mailing list