Change in osmocom-bb[master]: host/layer23/ccch_scan: skip CCCH frames with wrong length

[fixeria]

fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmocom-bb/+/24627 )


Change subject: host/layer23/ccch_scan: skip CCCH frames with wrong length
......................................................................

host/layer23/ccch_scan: skip CCCH frames with wrong length

It's not clear why do we get frames with unexpected length, but
we definitely should not crash.  Just ignore them.

Change-Id: I85392becbffdb3ba7365decfd8f3769abe3c02c7
Related: OS#5171
---
M src/host/layer23/src/misc/app_ccch_scan.c
1 file changed, 7 insertions(+), 0 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmocom-bb refs/changes/27/24627/1

diff --git a/src/host/layer23/src/misc/app_ccch_scan.c b/src/host/layer23/src/misc/app_ccch_scan.c
index be2d9ae..c5017be 100644
--- a/src/host/layer23/src/misc/app_ccch_scan.c
+++ b/src/host/layer23/src/misc/app_ccch_scan.c
@@ -409,6 +409,13 @@
 	struct gsm48_system_information_type_header *sih = msgb_l3(msg);
 	int rc = 0;
 
+	/* Skip frames with wrong length */
+	if (msgb_l3len(msg) != GSM_MACBLOCK_LEN) {
+		LOGP(DRR, LOGL_ERROR, "Rx CCCH message with odd length=%u",
+		     msgb_l3len(msg));
+		return -EINVAL;
+	}
+
 	/* Skip dummy (fill) frames */
 	if (is_fill_frame(msg))
 		return 0;

-- 
To view, visit https://gerrit.osmocom.org/c/osmocom-bb/+/24627
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmocom-bb
Gerrit-Branch: master
Gerrit-Change-Id: I85392becbffdb3ba7365decfd8f3769abe3c02c7
Gerrit-Change-Number: 24627
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria <vyanitskiy at sysmocom.de>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20210609/34387e65/attachment.htm>