This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Holger Hans Peter Freyther holger at freyther.deOn Fri, Nov 29, 2013 at 01:43:47PM +0100, Jacob Erlbeck wrote: > The MGCP message isn't always NUL-terminated when arriving at > mgcp_handle_message(). This may lead to undefined results. oh! > + /* Ensure that the msg->l2h is NULL terminated. */ > + if (msgb_tailroom(msg) > 0) > + *msg->tail = '\0'; > + else if (*(msg->tail-1) == '\r' || *(msg->tail-1) == '\n') > + *(msg->tail - 1) = '\0'; > + else { > + LOGP(DMGCP, LOGL_ERROR, "Cannot NUL terminate MGCP message: " > + "Length: %d, Buffer size: %d\n", > + msgb_l2len(msg), msg->data_len); > + return NULL; > + } The check misses if "tail - 1" is already \0 and if tail - 1 is not NULL. I would just add an OSMO_ASSERT and fix the caller that didn't null terminate?! What do you think?