Attention is currently required from: arehbein, pespin, daniel.
Patch set 10:Code-Review -1
7 comments:
File src/gsm/ipa.c:
Patch Set #8, Line 728: * -EIO, if the header declares a payload too large */
*/ on the next line
Done
Patch Set #8, Line 735: const struct ipaccess_head *hh = (const struct ipaccess_head *) msg->data;
Agreeing with Pau here. […]
Done
Patch Set #8, Line 737: size_t total_len = payload_len + sizeof(*hh);
"sizeof(*hh) + payload_len;" it's logically easier to understand, as in left-to-right order filling […]
Done
Patch Set #8, Line 738: if (msgb_tailroom(msg) + msgb_length(msg) < total_len) {
> iiuc the problem here is that the allocated msgb space is not going to be enough to fit in what IP […]
Done
File src/gsm/ipa.c:
Patch Set #10, Line 733: osmo_ntohs(hh->len);
Now the problem is that you're accessing the buffer before checking if there is enough data in it.
Patch Set #10, Line 735: msgb_length(msg) + msgb_tailroom(msg);
This is incorrect. `msgb_length(msg)` is basically `msg->len`, which does include the tailroom and headroom. Please revert back to `msg->len` or `msgb_length(msg)` alone.
`ENOMEM` or `ENOSPC` is a better fit here, IMO.
To view, visit change 33083.
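The two checks discussed in this review (do not read the length field before the header has arrived, then compare the declared frame size against the buffer), as an added example that is not code from the change under review or from libosmocore. The helper name `ipa_frame_check`, the 3-byte header layout, the plain byte buffer standing in for a msgb, and the choice of `-ENOSPC` are assumptions of this sketch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed header layout: 16-bit payload length in network byte order,
 * followed by a 1-byte protocol identifier. */
#define IPA_HDR_LEN 3

/* Hypothetical helper (not a libosmocore function).
 *   buf      - start of the receive buffer
 *   have     - bytes received so far
 *   capacity - 'have' plus the free space still left behind those bytes
 * Returns the total frame length when a whole frame is present, 0 when
 * more bytes are needed, -ENOSPC when the declared frame can never fit. */
static long ipa_frame_check(const uint8_t *buf, size_t have, size_t capacity)
{
	size_t payload_len, total_len;

	/* 1. Do not touch the length field until the header is complete. */
	if (have < IPA_HDR_LEN)
		return 0;

	/* Decode big-endian by hand; no alignment or host-order assumptions. */
	payload_len = ((size_t)buf[0] << 8) | buf[1];
	total_len = IPA_HDR_LEN + payload_len;

	/* 2. A frame larger than the buffer can hold is an error, not "wait". */
	if (total_len > capacity)
		return -ENOSPC;

	/* 3. Header is valid, but the payload has not fully arrived yet. */
	if (have < total_len)
		return 0;

	return (long)total_len;
}

int main(void)
{
	/* Constructed sample frames, not captured traffic. */
	const uint8_t ok[] = { 0x00, 0x02, 0xfe, 0xaa, 0xbb };
	const uint8_t huge[] = { 0xff, 0xff, 0xfe };

	printf("1 byte received:    %ld\n", ipa_frame_check(ok, 1, 16));
	printf("payload incomplete: %ld\n", ipa_frame_check(ok, 4, 16));
	printf("complete frame:     %ld\n", ipa_frame_check(ok, sizeof(ok), 16));
	printf("oversized length:   %ld\n", ipa_frame_check(huge, sizeof(huge), 16));
	return 0;
}
```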