This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/osmocom-commitlog@lists.osmocom.org/.
gitosis at osmocom.org gitosis at osmocom.orgThis is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenBTS' transceiver retro-fit".
The branch, ttsou/fixes has been created
at 520d21c825c4f856b4faec6ddaa1b653d113fd05 (commit)
- Log -----------------------------------------------------------------
http://cgit.osmocom.org/osmo-trx/commit/?id=520d21c825c4f856b4faec6ddaa1b653d113fd05
commit 520d21c825c4f856b4faec6ddaa1b653d113fd05
Author: Tom Tsou <tom.tsou at ettus.com>
Date: Thu Apr 28 21:24:53 2016 -0700
common: Restrict UDP binding to localhost only
Reported security vulnerability where control and data UDP
packets can be injected into the transceiver externally due
to socket binding to all interfaces using INADDR_ANY.
Existing socket interface does not allow specifying local
address; only the local port and remote address/port are
arguments.
Restrict socket bind to localhost with INADDR_LOOPBACK. If
external interfaces do need to be used, the API should be
modified to allow specifying the local socket address.
Reported-by: Simone Margaritelli <simone at zimperium.com>
Signed-off-by: Tom Tsou <tom.tsou at ettus.com>
-----------------------------------------------------------------------
hooks/post-receive
--
OpenBTS' transceiver retro-fit