Change in libosmocore[master]: tlv_parser: Fix various out-of-bounds accesses

laforge gerrit-no-reply at lists.osmocom.org
Tue Jan 12 18:06:21 UTC 2021


laforge has posted comments on this change. ( https://gerrit.osmocom.org/c/libosmocore/+/22113 )

Change subject: tlv_parser: Fix various out-of-bounds accesses
......................................................................


Patch Set 2:

(1 comment)

https://gerrit.osmocom.org/c/libosmocore/+/22113/1/src/gsm/tlv_parser.c 
File src/gsm/tlv_parser.c:

https://gerrit.osmocom.org/c/libosmocore/+/22113/1/src/gsm/tlv_parser.c@259 
PS1, Line 259: 		*o_val = buf+1;
> in here you are actually assigning a pointer to buf[1] with buf_len = 1, which doesn't look good to  […]
Yes, it's caught by the check at the bottom of the function. I would generally prefer for the function to be shorter and readable, rather than replicating the same check 6 times over and over again just to avoid a hypothetical future asan failure.

The only thing that I'd improve is to set *o_val (and if applicable *o_len) to NULL in the common error path at the bottom. This way a caller, even if he ignores the return value, will not get pointers to invalid memory but will fail "properly" by NULL dereference.



-- 
To view, visit https://gerrit.osmocom.org/c/libosmocore/+/22113

Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: I98b02c914c9e3ecf56050af846292aa6979d7508
Gerrit-Change-Number: 22113
Gerrit-PatchSet: 2
Gerrit-Owner: laforge <laforge at osmocom.org>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <vyanitskiy at sysmocom.de>
Gerrit-Reviewer: pespin <pespin at sysmocom.de>
Gerrit-Comment-Date: Tue, 12 Jan 2021 18:06:21 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: pespin <pespin at sysmocom.de>
Gerrit-MessageType: comment
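
The pattern discussed in the comment above, as an added example that is not part of the original message and is not libosmocore's code: each case only computes the value pointer and length, one bounds check at the bottom covers all cases, and the common error path resets the outputs. The function name, enum and element layouts are hypothetical and chosen for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical element kinds for this sketch; not libosmocore's enum. */
enum ex_tlv_type { EX_T, EX_TV, EX_TLV, EX_TL16V };

/* Parse one element; returns bytes consumed or -1. Cases only compute
 * pointers and lengths (never dereference the value); the single bounds
 * check and the NULLing of outputs live in the common path at the bottom. */
int ex_tlv_parse_one(enum ex_tlv_type type, const uint8_t **o_val,
                     size_t *o_len, const uint8_t *buf, size_t buf_len)
{
    size_t consumed;
    *o_val = NULL;
    *o_len = 0;
    if (buf_len < 1)            /* no room for the tag byte */
        goto err;
    switch (type) {
    case EX_T:
        consumed = 1;
        break;
    case EX_TV:
        *o_val = buf + 1;       /* one past the end when buf_len == 1 */
        *o_len = 1;
        consumed = 2;
        break;
    case EX_TLV:
        if (buf_len < 2)        /* length byte is read here, so check first */
            goto err;
        *o_val = buf + 2;
        *o_len = buf[1];
        consumed = 2 + *o_len;
        break;
    case EX_TL16V:
        if (buf_len < 3)
            goto err;
        *o_val = buf + 3;
        *o_len = ((size_t)buf[1] << 8) | buf[2];
        consumed = 3 + *o_len;
        break;
    default:
        goto err;
    }
    if (consumed <= buf_len)    /* the one bounds check for every case */
        return (int)consumed;
err:
    *o_val = NULL;              /* ignoring the return value now means a */
    *o_len = 0;                 /* NULL dereference, not a stray pointer  */
    return -1;
}
```

The only early checks left in the cases are the ones that guard an actual read of a length byte; forming `buf + 1` with `buf_len == 1` is a one-past-the-end pointer that is never dereferenced before the bottom check rejects it.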