daniel gerrit-no-reply at lists.osmocom.orgdaniel has uploaded this change for review. ( https://gerrit.osmocom.org/c/libosmocore/+/22234 )
Change subject: ns2: Add sanity checks
......................................................................
ns2: Add sanity checks
Prevent memory corruption or segfaults by asserting that NSE and bind
link layer match. A mismatch should never happen and might cause the
bind to access invalid memory when sending because nsvc->priv doesn't
match what it expects.
Change-Id: I7ca4cd1c5dac8b5e44ffc4825b9373b2d04911ab
Related: OS#4948
---
M src/gb/gprs_ns2.c
M src/gb/gprs_ns2_message.c
2 files changed, 15 insertions(+), 0 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/34/22234/1
diff --git a/src/gb/gprs_ns2.c b/src/gb/gprs_ns2.c
index e43b636..3ca87a4 100644
--- a/src/gb/gprs_ns2.c
+++ b/src/gb/gprs_ns2.c
@@ -490,6 +490,9 @@
struct gprs_ns2_vc *ns2_vc_alloc(struct gprs_ns2_vc_bind *bind, struct gprs_ns2_nse *nse, bool initiater,
enum gprs_ns2_vc_mode vc_mode)
{
+ /* Sanity check */
+ OSMO_ASSERT(bind->ll == nse->ll);
+
struct gprs_ns2_vc *nsvc = talloc_zero(bind, struct gprs_ns2_vc);
if (!nsvc)
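Review bot: The new `OSMO_ASSERT(bind->ll == nse->ll)` at the top of ns2_vc_alloc() aborts the whole process on a mismatch, although the function already has an allocation-failure branch just below (`if (!nsvc)`) that callers presumably handle. If any caller can reach this with a bind/NSE pair that comes from configuration or from dynamically created NS-VCs, logging an error and using `return NULL;` would turn a daemon crash into a rejected allocation; this is inferred, since the callers are not visible here. The `/* Sanity check */` comment would be more useful if it gave the reason from the commit message, e.g. `/* bind and NSE must share the link layer: the bind driver interprets nsvc->priv */`. The function body continues outside the hunk.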
diff --git a/src/gb/gprs_ns2_message.c b/src/gb/gprs_ns2_message.c
index eb9a198..35d3ba7 100644
--- a/src/gb/gprs_ns2_message.c
+++ b/src/gb/gprs_ns2_message.c
@@ -187,6 +187,7 @@
/* transmit functions */
static int ns2_tx_simple(struct gprs_ns2_vc *nsvc, uint8_t pdu_type)
{
+ OSMO_ASSERT(nsvc->bind->ll == nsvc->nse->ll);
struct msgb *msg = gprs_ns2_msgb_alloc();
struct gprs_ns_hdr *nsh;
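Review bot: The same one-line assertion is pasted into ns2_tx_simple() here and into every other transmit function touched in this file (ns2_tx_block, ns2_tx_block_ack, ns2_tx_reset, ns2_tx_reset_ack, ns2_tx_status, the ns2_tx_sns_* functions and the hunk at -407), with no comment saying which invariant it protects. A single helper, for instance `static inline void ns2_assert_ll(const struct gprs_ns2_vc *nsvc)` with a one-line comment, would keep the check and its rationale in one place. The expression dereferences `nsvc->bind` and `nsvc->nse` before comparing, so a NULL in either still ends in a segfault rather than the assertion message; whether they can be NULL at this point is not visible in the hunks. The statement also sits above the local declarations in each function, which would trigger `-Wdeclaration-after-statement` if the project builds with it; moving it below the declarations avoids that. The function bodies continue outside the hunks.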
@@ -210,6 +211,7 @@
* \returns 0 in case of success */
int ns2_tx_block(struct gprs_ns2_vc *nsvc, uint8_t cause)
{
+ OSMO_ASSERT(nsvc->bind->ll == nsvc->nse->ll);
struct msgb *msg;
struct gprs_ns_hdr *nsh;
uint16_t nsvci = osmo_htons(nsvc->nsvci);
@@ -243,6 +245,7 @@
* \returns 0 in case of success */
int ns2_tx_block_ack(struct gprs_ns2_vc *nsvc)
{
+ OSMO_ASSERT(nsvc->bind->ll == nsvc->nse->ll);
struct msgb *msg;
struct gprs_ns_hdr *nsh;
uint16_t nsvci = osmo_htons(nsvc->nsvci);
@@ -274,6 +277,7 @@
* \returns 0 in case of success */
int ns2_tx_reset(struct gprs_ns2_vc *nsvc, uint8_t cause)
{
+ OSMO_ASSERT(nsvc->bind->ll == nsvc->nse->ll);
struct msgb *msg;
struct gprs_ns_hdr *nsh;
uint16_t nsvci = osmo_htons(nsvc->nsvci);
@@ -307,6 +311,7 @@
* \returns 0 in case of success */
int ns2_tx_reset_ack(struct gprs_ns2_vc *nsvc)
{
+ OSMO_ASSERT(nsvc->bind->ll == nsvc->nse->ll);
struct msgb *msg;
struct gprs_ns_hdr *nsh;
uint16_t nsvci, nsei;
@@ -407,6 +412,7 @@
uint16_t bvci, uint8_t sducontrol,
struct msgb *msg)
{
+ OSMO_ASSERT(nsvc->bind->ll == nsvc->nse->ll);
struct gprs_ns_hdr *nsh;
log_set_context(LOG_CTX_GB_NSE, nsvc->nse);
@@ -437,6 +443,7 @@
int ns2_tx_status(struct gprs_ns2_vc *nsvc, uint8_t cause,
uint16_t bvci, struct msgb *orig_msg)
{
+ OSMO_ASSERT(nsvc->bind->ll == nsvc->nse->ll);
struct msgb *msg = gprs_ns2_msgb_alloc();
struct gprs_ns_hdr *nsh;
uint16_t nsvci = osmo_htons(nsvc->nsvci);
@@ -498,6 +505,7 @@
const struct gprs_ns_ie_ip6_elem *ip6_elems,
unsigned int num_ip6_elems)
{
+ OSMO_ASSERT(nsvc->bind->ll == nsvc->nse->ll);
struct msgb *msg = gprs_ns2_msgb_alloc();
struct gprs_ns_hdr *nsh;
uint16_t nsei;
@@ -557,6 +565,7 @@
const struct gprs_ns_ie_ip6_elem *ip6_elems,
unsigned int num_ip6_elems)
{
+ OSMO_ASSERT(nsvc->bind->ll == nsvc->nse->ll);
struct msgb *msg;
struct gprs_ns_hdr *nsh;
uint16_t nsei;
@@ -607,6 +616,7 @@
* \returns 0 on success; negative in case of error */
int ns2_tx_sns_config_ack(struct gprs_ns2_vc *nsvc, uint8_t *cause)
{
+ OSMO_ASSERT(nsvc->bind->ll == nsvc->nse->ll);
struct msgb *msg;
struct gprs_ns_hdr *nsh;
uint16_t nsei;
@@ -652,6 +662,7 @@
int ns2_tx_sns_size(struct gprs_ns2_vc *nsvc, bool reset_flag, uint16_t max_nr_nsvc,
int ip4_ep_nr, int ip6_ep_nr)
{
+ OSMO_ASSERT(nsvc->bind->ll == nsvc->nse->ll);
struct msgb *msg = gprs_ns2_msgb_alloc();
struct gprs_ns_hdr *nsh;
uint16_t nsei;
@@ -697,6 +708,7 @@
* \returns 0 on success; negative in case of error */
int ns2_tx_sns_size_ack(struct gprs_ns2_vc *nsvc, uint8_t *cause)
{
+ OSMO_ASSERT(nsvc->bind->ll == nsvc->nse->ll);
struct msgb *msg = gprs_ns2_msgb_alloc();
struct gprs_ns_hdr *nsh;
uint16_t nsei;
--
To view, visit https://gerrit.osmocom.org/c/libosmocore/+/22234
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: I7ca4cd1c5dac8b5e44ffc4825b9373b2d04911ab
Gerrit-Change-Number: 22234
Gerrit-PatchSet: 1
Gerrit-Owner: daniel <dwillmann at sysmocom.de>
Gerrit-MessageType: newchange