Change in osmo-pcu[master]: pcu_l1_if: Check pag_req id_lv len fits buffer

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

laforge gerrit-no-reply at lists.osmocom.org
Mon Dec 9 16:20:08 UTC 2019


laforge has submitted this change. ( https://gerrit.osmocom.org/c/osmo-pcu/+/16527 )

Change subject: pcu_l1_if: Check pag_req id_lv len fits buffer
......................................................................

pcu_l1_if: Check pag_req id_lv len fits buffer

Related: OS#4316
Change-Id: I803e1d2577a0d210e74feb5ca4c216375a5024ea
---
M src/pcu_l1_if.cpp
1 file changed, 8 insertions(+), 0 deletions(-)

Approvals:
  Jenkins Builder: Verified
  laforge: Looks good to me, approved



diff --git a/src/pcu_l1_if.cpp b/src/pcu_l1_if.cpp
index 5e22c5c..98e697d 100644
--- a/src/pcu_l1_if.cpp
+++ b/src/pcu_l1_if.cpp
@@ -19,6 +19,7 @@
 
 #include <stdio.h>
 #include <unistd.h>
+#include <inttypes.h>
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
@@ -636,6 +637,13 @@
 	LOGP(DL1IF, LOGL_DEBUG, "Paging request received: chan_needed=%d "
 		"length=%d\n", pag_req->chan_needed, pag_req->identity_lv[0]);
 
+	/* check if identity does not fit: length > sizeof(lv) - 1 */
+	if (pag_req->identity_lv[0] >= sizeof(pag_req->identity_lv)) {
+		LOGP(DL1IF, LOGL_ERROR, "Paging identity too large (%" PRIu8 ")\n",
+			pag_req->identity_lv[0]);
+		return -EINVAL;
+	}
+
 	return BTS::main_bts()->add_paging(pag_req->chan_needed,
 						pag_req->identity_lv);
 }

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-pcu/+/16527
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-pcu
Gerrit-Branch: master
Gerrit-Change-Id: I803e1d2577a0d210e74feb5ca4c216375a5024ea
Gerrit-Change-Number: 16527
Gerrit-PatchSet: 1
Gerrit-Owner: pespin <pespin at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <laforge at osmocom.org>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20191209/acb77b2b/attachment.htm>


More information about the gerrit-log mailing list