Change in osmo-pcu[master]: csn1: Validate recursive array max size during decoding


pespin gerrit-no-reply at lists.osmocom.org
Mon Mar 23 14:44:07 UTC 2020


Hello Jenkins Builder, 

I'd like you to reexamine a change. Please visit

    https://gerrit.osmocom.org/c/osmo-pcu/+/17572

to look at the new patch set (#2).

Change subject: csn1: Validate recursive array max size during decoding
......................................................................

csn1: Validate recursive array max size during decoding

This way if CSN1 encoded bitstream contains more elements than what the
definition expects it will fail instead of overflowing the decoded
buffer.

RA cap struct placed in unit test is taken from a real Android phone
sending the value when attaching to the network. Then SGSN sends it back
and osmo-pcu would crash similar to unit test:
*** stack smashing detected ***: terminated
 Process terminating with default action of signal 6 (SIGABRT): dumping core
at 0x4C62CE5: raise (in /usr/lib/libc-2.31.so)
by 0x4C4C856: abort (in /usr/lib/libc-2.31.so)
by 0x4CA62AF: __libc_message (in /usr/lib/libc-2.31.so)
by 0x4D36069: __fortify_fail (in /usr/lib/libc-2.31.so)
by 0x4D36033: __stack_chk_fail (in /usr/lib/libc-2.31.so)
by 0x124706: testRAcap2(void*) (RLCMACTest.cpp:468)

Related: OS#4463
Change-Id: I9fe0e55e0a6a41ae2cc885fba490c1d4a186231e
---
M src/csn1.c
M src/csn1.h
M tests/rlcmac/RLCMACTest.cpp
M tests/rlcmac/RLCMACTest.err
M tests/rlcmac/RLCMACTest.ok
5 files changed, 163 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/osmo-pcu refs/changes/72/17572/2
-- 
To view, visit https://gerrit.osmocom.org/c/osmo-pcu/+/17572

Gerrit-Project: osmo-pcu
Gerrit-Branch: master
Gerrit-Change-Id: I9fe0e55e0a6a41ae2cc885fba490c1d4a186231e
Gerrit-Change-Number: 17572
Gerrit-PatchSet: 2
Gerrit-Owner: pespin <pespin at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-MessageType: newpatchset
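
The check the commit message describes, as an added example that is not part of the original mail and not osmo-pcu's own code: a decoder for a CSN.1-style recursive array `{ 1 <elem: bit(4)> } ** 0` that returns an error before it would write past the caller's buffer. The 4-bit element width, the function and error names, and the sample bitstreams are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ERR_NEED_MORE_BITS (-1)   /* hypothetical error codes */
#define ERR_TOO_MANY_ELEMS (-2)

struct bitreader { const uint8_t *buf; size_t nbits; size_t pos; };

/* Read n (<= 8) bits MSB-first; returns -1 if the stream is exhausted. */
static int get_bits(struct bitreader *br, unsigned n)
{
    int v = 0;
    if (br->nbits - br->pos < n)
        return -1;
    while (n--) {
        v = (v << 1) | ((br->buf[br->pos / 8] >> (7 - br->pos % 8)) & 1);
        br->pos++;
    }
    return v;
}

/* Decode { 1 <elem: bit(4)> } ** 0 into out[max].
 * Returns the element count, or a negative error code. */
int decode_rec_array(const uint8_t *buf, size_t nbits, uint8_t *out, size_t max)
{
    struct bitreader br = { buf, nbits, 0 };
    size_t count = 0;
    int tag, v;

    while ((tag = get_bits(&br, 1)) == 1) {
        if (count >= max)              /* sender claims more than fits: fail */
            return ERR_TOO_MANY_ELEMS; /* before out[max] is ever written */
        if ((v = get_bits(&br, 4)) < 0)
            return ERR_NEED_MORE_BITS;
        out[count++] = (uint8_t)v;
    }
    return tag < 0 ? ERR_NEED_MORE_BITS : (int)count;
}

/* Constructed inputs: two elements (1, 10) in 11 bits; five elements in 26 bits. */
static const uint8_t two_elems[]  = { 0x8E, 0x80 };
static const uint8_t five_elems[] = { 0xFF, 0xFF, 0xFF, 0x80 };

int main(void)
{
    uint8_t out[4];
    printf("%d %d\n", decode_rec_array(two_elems, 11, out, 4),
           decode_rec_array(five_elems, 26, out, 4));
    return 0;
}
```

Without the `count >= max` test, the five-element stream would store a fifth byte one past the end of a four-entry array, the kind of write that the stack protector reports in the trace above.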