fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-bts/+/27764 )
Change subject: rsl: always check return value of rsl_tlv_parse() ......................................................................
rsl: always check return value of rsl_tlv_parse()
Change-Id: I07cbd2849d83af28eb0458547f0eacc81347df23 --- M src/common/rsl.c 1 file changed, 57 insertions(+), 24 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-bts refs/changes/64/27764/1
diff --git a/src/common/rsl.c b/src/common/rsl.c
index 961e065..76a4c76 100644
--- a/src/common/rsl.c
+++ b/src/common/rsl.c
@@ -498,7 +498,11 @@
 struct gsm48_system_information_type_2quater *si2q;
 struct bitvec bv;
 const uint8_t *si_buf;
- rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+
+ if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+ LOGPTRX(trx, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
+ return rsl_tx_error_report(trx, RSL_ERR_PROTO, &cch->chan_nr, NULL, msg);
+ }
 /* 9.3.30 System Info Type */
 if (!TLVP_PRESENT(&tp, RSL_IE_SYSINFO_TYPE))
@@ -695,7 +699,10 @@
 const uint8_t *identity_lv;
 int rc;
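Review bot: The new error path at the `rsl_tlv_parse()` call discards the negative return value, so the log line only says that parsing failed and cannot distinguish, for example, a truncated message from other malformed input. The same four lines are repeated in every hunk of this change (with `LOGPLCHAN` in the dedicated-channel handlers). Keeping the result and printing it would make malformed-RSL events easier to triage: `rc = rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));`, `if (rc < 0) {`, `LOGPTRX(trx, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed (rc=%d)\n", __func__, rc);`. The hunk at -1105 removes an existing `int rc` that could be kept for this. The enclosing function starts and ends outside this hunk, so whether a local `rc` is already declared here is not visible.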
- rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+ if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+ LOGPTRX(trx, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
+ return rsl_tx_error_report(trx, RSL_ERR_PROTO, &cch->chan_nr, NULL, msg);
+ }
 if (!TLVP_PRESENT(&tp, RSL_IE_PAGING_GROUP) ||
 !TLVP_PRESENT(&tp, RSL_IE_MS_IDENTITY))
@@ -730,7 +737,10 @@
 bool extended_cbch = false;
 int rc;
- rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+ if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+ LOGPTRX(trx, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
+ return rsl_tx_error_report(trx, RSL_ERR_PROTO, &cch->chan_nr, NULL, msg);
+ }
 if (!TLVP_PRESENT(&tp, RSL_IE_CB_CMD_TYPE) ||
 !TLVP_PRESENT(&tp, RSL_IE_SMSCB_MSG))
@@ -759,7 +769,10 @@
 struct gsm_bts *bts = trx->bts;
 struct tlv_parsed tp;
- rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+ if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+ LOGPTRX(trx, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
+ return rsl_tx_error_report(trx, RSL_ERR_PROTO, &cch->chan_nr, NULL, msg);
+ }
 if (!TLVP_PRESENT(&tp, RSL_IE_SMSCB_MSG))
 return rsl_tx_error_report(trx, RSL_ERR_MAND_IE_ERROR, &cch->chan_nr, NULL, msg);
@@ -848,7 +861,10 @@
 uint8_t rsl_si;
 enum osmo_sysinfo_type osmo_si;
- rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+ if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+ LOGPTRX(trx, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
+ return rsl_tx_error_report(trx, RSL_ERR_PROTO, NULL, NULL, msg);
+ }
 /* 9.3.30 System Info Type */
 if (!TLVP_PRESENT(&tp, RSL_IE_SYSINFO_TYPE))
@@ -1105,14 +1121,11 @@
 struct gsm_power_ctrl_params *params;
 const struct tlv_p_entry *ie;
 struct tlv_parsed tp;
- int rc;
LOGPTRX(trx, DRSL, LOGL_INFO, "Rx Measurement Pre-processing Defaults\n");
- rc = rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
- if (rc < 0) {
- LOGPTRX(trx, DRSL, LOGL_ERROR, "Failed to parse ip.access specific "
- "Measurement Pre-processing Defaults for MS/BS Power control\n");
+ if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+ LOGPTRX(trx, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
 return rsl_tx_error_report(trx, RSL_ERR_PROTO, NULL, NULL, msg);
 }
@@ -1161,7 +1174,10 @@
 struct abis_rsl_cchan_hdr *cch = msgb_l2(msg);
 struct tlv_parsed tp;
- rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+ if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+ LOGPTRX(trx, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
+ return rsl_tx_error_report(trx, RSL_ERR_PROTO, &cch->chan_nr, NULL, msg);
+ }
 if (!TLVP_PRESENT(&tp, RSL_IE_FULL_IMM_ASS_INFO))
 return rsl_tx_error_report(trx, RSL_ERR_MAND_IE_ERROR, &cch->chan_nr, NULL, msg);
@@ -1713,7 +1729,10 @@
 .current = 0,
 };
- rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+ if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+ LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
+ return rsl_tx_chan_act_nack(lchan, RSL_ERR_PROTO);
+ }
 /* 9.3.3 Activation Type */
 if (!TLVP_PRESENT(&tp, RSL_IE_ACT_TYPE)) {
@@ -2068,7 +2087,8 @@
 uint8_t link_id;
 if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
- return rsl_tx_error_report(msg->trx, RSL_ERR_IE_CONTENT, &dch->chan_nr, NULL, msg);
+ LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
+ return rsl_tx_error_report(msg->trx, RSL_ERR_PROTO, &dch->chan_nr, NULL, msg);
 }
 if (!TLVP_PRESENT(&tp, RSL_IE_ENCR_INFO) ||
@@ -2189,7 +2209,10 @@
 uint8_t cause;
 int rc;
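Review bot: The cause value reported to the peer on this parse-failure path changes from `RSL_ERR_IE_CONTENT` to `RSL_ERR_PROTO`, and the hunks at -2730 and -2908 likewise replace `RSL_ERR_MAND_IE_ERROR` with `RSL_ERR_PROTO`, but the commit message has a subject only and does not mention it. Anything on the BSC side or in a test suite that matches on the old cause values would see different behaviour, so the description should record the change, e.g. `Use RSL_ERR_PROTO consistently when rsl_tlv_parse() fails (was IE_CONTENT / MAND_IE_ERROR in three handlers).` The enclosing function starts before and continues after this hunk.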
- rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+ if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+ LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
+ return rsl_tx_mode_modif_nack(lchan, RSL_ERR_PROTO);
+ }
 /* 9.3.6 Channel Mode */
 if (rsl_handle_chan_mod_ie(lchan, &tp, &cause) != 0)
@@ -2255,7 +2278,10 @@
 uint8_t pwr;
 int max_pwr, curr_pwr;
- rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+ if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+ LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
+ return rsl_tx_error_report(msg->trx, RSL_ERR_PROTO, &dch->chan_nr, NULL, msg);
+ }
 /* 9.3.13 MS Power (M) */
 if (!TLVP_PRES_LEN(&tp, RSL_IE_MS_POWER, 1))
@@ -2318,7 +2344,10 @@
 struct tlv_parsed tp;
 uint8_t old, new;
- rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+ if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+ LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
+ return rsl_tx_error_report(trx, RSL_ERR_PROTO, &dch->chan_nr, NULL, msg);
+ }
 /* 9.3.4 BS Power (M) */
 if (!TLVP_PRES_LEN(&tp, RSL_IE_BS_POWER, 1))
@@ -2391,7 +2420,10 @@
 struct tlv_parsed tp;
 uint8_t rsl_si, osmo_si;
- rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+ if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+ LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
+ return rsl_tx_error_report(msg->trx, RSL_ERR_PROTO, &dch->chan_nr, NULL, msg);
+ }
if (TLVP_PRESENT(&tp, RSL_IE_STARTNG_TIME)) { LOGPLCHAN(lchan, DRSL, LOGL_NOTICE, "Starting time not supported\n"); @@ -2730,10 +2762,10 @@ return tx_ipac_XXcx_nack(lchan, 0x52, 0, dch->c.msg_type);
- rc = rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
- if (rc < 0)
- return tx_ipac_XXcx_nack(lchan, RSL_ERR_MAND_IE_ERROR,
- 0, dch->c.msg_type);
+ if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+ LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
+ return tx_ipac_XXcx_nack(lchan, RSL_ERR_PROTO, 0, dch->c.msg_type);
+ }
 LOGPLCHAN(lchan, DRSL, LOGL_DEBUG, "IPAC_%s: ", name);
 if (TLVP_PRES_LEN(&tp, RSL_IE_IPAC_REMOTE_IP, 4)) {
@@ -2908,9 +2940,10 @@
 struct gsm_lchan *lchan = msg->lchan;
 int rc, inc_conn_id = 0;
- rc = rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
- if (rc < 0)
- return rsl_tx_ipac_dlcx_nack(lchan, 0, RSL_ERR_MAND_IE_ERROR);
+ if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+ LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
+ return rsl_tx_ipac_dlcx_nack(lchan, 0, RSL_ERR_PROTO);
+ }
 if (TLVP_PRESENT(&tp, RSL_IE_IPAC_CONN_ID))
 inc_conn_id = 1;