Change in osmo-pcu[master]: csn1: fix csnStreamDecoder(): catch unknown CSN_CHOICE values

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

laforge gerrit-no-reply at lists.osmocom.org
Thu Feb 13 12:14:40 UTC 2020


laforge has submitted this change. ( https://gerrit.osmocom.org/c/osmo-pcu/+/17120 )

Change subject: csn1: fix csnStreamDecoder(): catch unknown CSN_CHOICE values
......................................................................

csn1: fix csnStreamDecoder(): catch unknown CSN_CHOICE values

After the recent changes [1], it was noticed that one of the unit
tests fails. In particular, a decode-encode cycle of Packet
Polling Request produces a different vector:

  vector1 = 49 13 e0 08 50 88 40 13 a8 04 8b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b
  vector2 = 49 13 01 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b
  vector1 == vector2 : FALSE

As it turns out, the original (input) vector itself is malformed
because it contails no valid identity, and thus violates the
specs. The CSN.1 decoder from Pycrate [2] throws an exception
while trying to decode it. I believe we should do the same.

Let's stop decoding the bit stream and return an error in case
if neither of a given list of the choice items matched.

[1] Ia0f8cc224a4c38e80699f834fd83d4c0d99322ea
[2] https://github.com/P1sec/pycrate

Change-Id: I420144773ed5e80372534e0f18db5e74cdb2999d
Fixes: OS#4392
---
M src/csn1.cpp
M tests/rlcmac/RLCMACTest.ok
2 files changed, 10 insertions(+), 2 deletions(-)

Approvals:
  Jenkins Builder: Verified
  pespin: Looks good to me, approved



diff --git a/src/csn1.cpp b/src/csn1.cpp
index 01e3a43..5928d69 100644
--- a/src/csn1.cpp
+++ b/src/csn1.cpp
@@ -495,6 +495,10 @@
         guint8 i     = 0;
         CSN_ChoiceElement_t* pChoice = (CSN_ChoiceElement_t*) pDescr->descr.ptr;
 
+        /* Make sure that the list of choice items is not empty */
+        if (!count)
+          return ProcessError(readIndex, "csnStreamDecoder", CSN_ERROR_IN_SCRIPT, pDescr);
+
         while (count > 0)
         {
           guint8 no_of_bits = pChoice->bits;
@@ -537,6 +541,10 @@
           i++;
         }
 
+        /* Neither of the choice items matched => unknown value */
+        if (!count)
+          return ProcessError(readIndex, "csnStreamDecoder", CSN_ERROR_STREAM_NOT_SUPPORTED, pDescr);
+
         pDescr++;
         break;
       }
diff --git a/tests/rlcmac/RLCMACTest.ok b/tests/rlcmac/RLCMACTest.ok
index 24ea4b7..2d27ca4 100644
--- a/tests/rlcmac/RLCMACTest.ok
+++ b/tests/rlcmac/RLCMACTest.ok
@@ -58,11 +58,11 @@
 vector1 == vector2 : TRUE
 vector1 = 4913e00850884013a8048b2b2b2b2b2b2b2b2b2b2b2b2b
 =========Start DECODE===========
-+++++++++Finish DECODE (0)++++++++++
++++++++++Finish DECODE (-8)++++++++++
 =========Start ENCODE=============
 +++++++++Finish ENCODE (0)+++++++++++
 vector1 = 49 13 e0 08 50 88 40 13 a8 04 8b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 
-vector2 = 49 13 01 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 
+vector2 = 49 13 00 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 
 vector1 == vector2 : FALSE
 vector1 = 412430007fffffffffffffffefd19c7ba12b2b2b2b2b2b
 =========Start DECODE===========

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-pcu/+/17120
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-pcu
Gerrit-Branch: master
Gerrit-Change-Id: I420144773ed5e80372534e0f18db5e74cdb2999d
Gerrit-Change-Number: 17120
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria <axilirator at gmail.com>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <axilirator at gmail.com>
Gerrit-Reviewer: laforge <laforge at osmocom.org>
Gerrit-Reviewer: pespin <pespin at sysmocom.de>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20200213/717cfcc9/attachment.htm>


More information about the gerrit-log mailing list