<p>Harald Welte <strong>merged</strong> this change.</p><p><a href="https://gerrit.osmocom.org/10183">View Change</a></p><div style="white-space:pre-wrap">Approvals:
  Harald Welte: Looks good to me, approved
  Jenkins Builder: Verified

</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">BTS: fix: pad LAPDm frames before sending via L1CTL<br><br>Thanks to Stefan Sperling, a critical bug was discovered in trxcon.<br>The problem was that length of LAPDm frames was not checked before<br>passing them to the libosmocoding API. So, if a received LAPDm<br>frame is shorter than expected (i.e. 23 bytes), then:<br><br>  - in case of xCCH, there was a heap overflow (detected by ASAN),<br>    so a short frame has been encoded together with some garbage<br>    outside the primitive buffer...<br><br>  - in case of FACCH, as the length != 23, a frame was recognised<br>    as a speech frame, and also encoded together with some garbage.<br><br>Since the bug is fixed (OS#3415), some TTCN-3 BTS tests started<br>to fail, because most likely it was assumed that trxcon would<br>pad the frames automatically, but it doesn't and shouldn't.<br><br>Let's automatically pad LAPDm frames with 0x2b before sending.<br><br>Change-Id: I16cba4e4179456bebabf0638760af011a27fd333<br>Related: OS#3418<br>---<br>M bts/BTS_Tests.ttcn<br>1 file changed, 8 insertions(+), 2 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/bts/BTS_Tests.ttcn b/bts/BTS_Tests.ttcn</span><br><span>index 40bfd24..77bffd6 100644</span><br><span>--- a/bts/BTS_Tests.ttcn</span><br><span>+++ b/bts/BTS_Tests.ttcn</span><br><span>@@ -1153,7 +1153,8 @@</span><br><span>                var LapdmFrameAB lb := valueof(ts_LAPDm_AB(0, false, false, enc_GsmRrL3Message(meas_rep)));</span><br><span>          log("LAPDm: ", lb);</span><br><span>                var octetstring pl := '0000'O & enc_LapdmFrameAB(lb);</span><br><span style="color: hsl(0, 100%, 40%);">-               L1CTL.send(ts_L1CTL_DATA_REQ(g_chan_nr, ts_RslLinkID_SACCH(0), pl));</span><br><span style="color: hsl(120, 100%, 40%);">+          L1CTL.send(ts_L1CTL_DATA_REQ(g_chan_nr, ts_RslLinkID_SACCH(0),</span><br><span style="color: hsl(120, 100%, 40%);">+                        f_pad_oct(pl, 23, '2B'O)));</span><br><span>          repeat;</span><br><span>              }</span><br><span> }</span><br><span>@@ -1163,7 +1164,8 @@</span><br><span>       [] L1CTL.receive(tr_L1CTL_DATA_IND(g_chan_nr, tr_RslLinkID_DCCH(?))) -> value l1_dl {</span><br><span>             log("DCCH received: ", l1_dl.payload.data_ind.payload);</span><br><span>            var octetstring pl := '010301'O;</span><br><span style="color: hsl(0, 100%, 40%);">-                L1CTL.send(ts_L1CTL_DATA_REQ(g_chan_nr, ts_RslLinkID_DCCH(0), pl));</span><br><span style="color: hsl(120, 100%, 40%);">+           L1CTL.send(ts_L1CTL_DATA_REQ(g_chan_nr, ts_RslLinkID_DCCH(0),</span><br><span style="color: hsl(120, 100%, 40%);">+                 f_pad_oct(pl, 23, '2B'O)));</span><br><span>          repeat;</span><br><span>              }</span><br><span> }</span><br><span>@@ -3222,6 +3224,10 @@</span><br><span>              /* prepend dummy L1 header */</span><br><span>                l2 := '0000'O & l2;</span><br><span>      }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+   /* If required, pad L2 frame with constant 0x2b filling */</span><br><span style="color: hsl(120, 100%, 40%);">+    l2 := f_pad_oct(l2, 23, '2B'O);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span>    log("encoding ", l, " to ", l2);</span><br><span>         L1CTL.send(ts_L1CTL_DATA_REQ(g_chan_nr, link_id, l2));</span><br><span> }</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/10183">change 10183</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/10183"/><meta itemprop="name" content="View Change"/></div></div>

<div style="display:none"> Gerrit-Project: osmo-ttcn3-hacks </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: merged </div>
<div style="display:none"> Gerrit-Change-Id: I16cba4e4179456bebabf0638760af011a27fd333 </div>
<div style="display:none"> Gerrit-Change-Number: 10183 </div>
<div style="display:none"> Gerrit-PatchSet: 5 </div>
<div style="display:none"> Gerrit-Owner: Vadim Yanitskiy <axilirator@gmail.com> </div>
<div style="display:none"> Gerrit-Reviewer: Harald Welte <laforge@gnumonks.org> </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins Builder </div>
<div style="display:none"> Gerrit-Reviewer: Stefan Sperling <ssperling@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: Vadim Yanitskiy <axilirator@gmail.com> </div>