This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
fixeria gerrit-no-reply at lists.osmocom.org

fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-bsc/+/18597 )

Change subject: abis_nm: fix: properly truncate feature vector reported by BTS
......................................................................

abis_nm: fix: properly truncate feature vector reported by BTS

The value of the feature vector can not only be greater, but also shorter than size of the buffer! This would potentially result in a buffer overrun. Let's fix this.

Change-Id: I65e3228022865ea73de2e4821985df3097b9448b
---
M src/osmo-bsc/abis_nm.c
1 file changed, 4 insertions(+), 3 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/osmo-bsc refs/changes/97/18597/1

diff --git a/src/osmo-bsc/abis_nm.c b/src/osmo-bsc/abis_nm.c index f600801..db2879f 100644 --- a/src/osmo-bsc/abis_nm.c +++ b/src/osmo-bsc/abis_nm.c @@ -571,8 +571,9 @@ /* log potential BTS feature vector overflow */ if (len > sizeof(bts->_features_data)) { - LOGP(DNM, LOGL_NOTICE, "BTS%u Get Attributes Response: feature vector is truncated to %zu bytes\n", - bts->nr, sizeof(bts->_features_data)); + LOGP(DNM, LOGL_NOTICE, "BTS%u Get Attributes Response: feature vector is truncated " + "(from %u to %zu bytes)\n", bts->nr, len, sizeof(bts->_features_data)); + len = sizeof(bts->_features_data); } /* check that max. expected BTS attribute is above given feature vector length */ 
@@ -583,7 +584,7 @@ bts->nr, len); } - memcpy(bts->_features_data, TLVP_VAL(tp, NM_ATT_MANUF_ID), sizeof(bts->_features_data)); + memcpy(bts->_features_data, TLVP_VAL(tp, NM_ATT_MANUF_ID), len); for (i = 0; i < _NUM_BTS_FEAT; i++) { if (osmo_bts_has_feature(&bts->features, i) != osmo_bts_has_feature(&bts->model->features, i)) {

--
To view, visit https://gerrit.osmocom.org/c/osmo-bsc/+/18597
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-bsc
Gerrit-Branch: master
Gerrit-Change-Id: I65e3228022865ea73de2e4821985df3097b9448b
Gerrit-Change-Number: 18597
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria <axilirator at gmail.com>
Gerrit-MessageType: newchange
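
Review bot: In the first hunk (@@ -571,8 +571,9 @@), the comment above the check still reads "log potential BTS feature vector overflow", but the branch now also clamps the length with "len = sizeof(bts->_features_data);", and the memcpy in the next hunk depends on that assignment. Reword the comment to say the length is clamped, so the block is not later treated as log-only and removed or reordered. The new format string also prints len with %u; the declaration of len is outside the visible lines, so confirm its type matches that specifier.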
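
Review bot: In the second hunk (@@ -583,7 +584,7 @@), when len is smaller than sizeof(bts->_features_data) the new memcpy with len as its size leaves the tail of bts->_features_data untouched, while the loop that follows still walks all _NUM_BTS_FEAT entries through osmo_bts_has_feature(&bts->features, i). If bts->features is backed by that buffer and nothing outside the visible lines zeroes it, bits left over from an earlier response can be compared as if this BTS had reported them. Consider clearing the buffer before the copy, for example memset(bts->_features_data, 0, sizeof(bts->_features_data)), or state in a comment where it is guaranteed to be zeroed.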