openbsc.git branch master updated. 0.14.0-23-g322b149

gitosis at gitosis at
Tue Apr 7 18:19:20 UTC 2015

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The OpenBSC GSM Base Station Controller (+MSC/HLR/SGSN)".

The branch, master has been updated
       via  322b1499cd4d34b0148a15cb615ad6dff8203ed2 (commit)
       via  5b512051870017aebd79ff2ca05ad8be671728b2 (commit)
       via  9ed6fd25dde40e3079c5b278f543714b0d78a9f0 (commit)
      from  08ea4d87f6c5db1ce68ef58040a35271358fa6d8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------

commit 322b1499cd4d34b0148a15cb615ad6dff8203ed2
Author: Jacob Erlbeck <jerlbeck at>
Date:   Tue Apr 7 17:49:49 2015 +0200

    nitb: Check source string length before calling strncpy (Coverity)
    Currently some VTY command do neither check the length of the source
    string before calling strncpy nor ensure NUL-termination afterwards.
    This can to destination string buffers whose contents are not
    This commit adds checks and corresponding warnings to the VTY
    commands 'subscriber TYPE ID name .NAME" and "subscriber TYPE ID
    extension EXTENSION".
    Fixes: Coverity CID 1206570, 1206569
    Sponsored-by: On-Waves ehf

commit 5b512051870017aebd79ff2ca05ad8be671728b2
Author: Jacob Erlbeck <jerlbeck at>
Date:   Tue Apr 7 17:49:48 2015 +0200

    gprs: Fix GSUP cancel_type handling (Coverity)
    When handling an incoming GSUP cancellation request, the cancel_type
    if effectively ignored, such that is always handled as
    This commit fixes the expression used to set the variable
    Fixes: Coverity CID 1267739
    Sponsored-by: On-Waves ehf

commit 9ed6fd25dde40e3079c5b278f543714b0d78a9f0
Author: Jacob Erlbeck <jerlbeck at>
Date:   Tue Apr 7 17:49:47 2015 +0200

    nat: Fix timeslot range in 'show bsc mgcp' VTY command
    Currently the inner loop in show_bsc_mgcp iterates of the timeslot
    interval [0, 31]. Timeslot 0 is not valid, which causes
    mgcp_timeslot_to_endpoint to generate a corresponding warning and to
    return an invalid endp value. That value causes an out-of-bound
    read access, possibly hitting unallocated memory.
    This patch fixes the loop range by starting with timeslot 1.
    Note that this does not prevent mgcp_timeslot_to_endpoint from
    returning an invalid endpoint index when called with arguments not
    within its domain.
    <000b> ../../include/openbsc/mgcp.h:250 Timeslot should not be 0
        vty=0xb4203db0, argc=1, argv=0xbfffebb0) at bsc_nat_vty.c:256
            max = 1
            con = 0xb4a004f0
            i = 0
            j = 0
    ==15700== ERROR: AddressSanitizer: heap-use-after-free on address
    0xb520be4f at pc 0x8062a42 bp 0xbfffeb18 sp 0xbfffeb0c
    Sponsored-by: On-Waves ehf


Summary of changes:
 openbsc/src/gprs/gprs_subscriber.c        |  3 ++-
 openbsc/src/libmsc/vty_interface_layer3.c | 14 ++++++++++++++
 openbsc/src/osmo-bsc_nat/bsc_nat_vty.c    |  2 +-
 openbsc/tests/sgsn/sgsn_test.c            | 12 ++++++++++++
 openbsc/tests/          | 26 ++++++++++++++++++++++++++
 5 files changed, 55 insertions(+), 2 deletions(-)

The OpenBSC GSM Base Station Controller (+MSC/HLR/SGSN)

More information about the osmocom-commitlog mailing list