Attention is currently required from: pespin, fixeria.
Patch set 1:Code-Review +1
1 comment:
File src/osmo-bsc/abis_rsl.c:
Patch Set #1, Line 1224: if (rsl_tlv_parse(&tp, dh->data, msgb_l2len(msg) - sizeof(*dh)) < 0) {
You probably need to check that msgb_l2len(msg) >= sizeof(*dh) before dereferencing dh below. […]
abis_rsl_rcvmsg() is checking for 'sizeof(struct abis_rsl_common_hdr)' length. Since only dh->c ('c' is the common part) is dereferenced, it's fine.
However, I think the check for the larger 'sizeof(struct abis_rsl_rx_dchan)' should go into the start of abis_rsl_rx_dchan(), where we already dereference the chan_nr information element. Unrelated additional patch.
To view, visit change 27620.
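The two-stage length check discussed in this comment, as an added example that is not osmo-bsc code and not part of the review: the dispatcher only guarantees the common header, so the dedicated-channel handler checks the larger header itself before reading chan_nr and before subtracting its size. The struct layouts and the names `rcvmsg`, `rx_dchan` and `unchecked_tlv_len` are simplified, hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the RSL headers named in the review; layouts are
 * assumptions for this example, not copied from the osmo-bsc sources. */
struct common_hdr { uint8_t msg_discr; uint8_t msg_type; };
struct dchan_hdr { struct common_hdr c; uint8_t ie_chan; uint8_t chan_nr; uint8_t data[]; };

enum rx_result { RX_OK = 0, RX_TOO_SHORT_COMMON = -1, RX_TOO_SHORT_DCHAN = -2 };

/* Handler: checks the larger header before touching chan_nr and before
 * computing the TLV payload length. */
static int rx_dchan(const uint8_t *l2, size_t l2len, size_t *tlv_len, uint8_t *chan_nr)
{
	const struct dchan_hdr *dh = (const struct dchan_hdr *)l2;

	if (l2len < sizeof(*dh))
		return RX_TOO_SHORT_DCHAN;
	*chan_nr = dh->chan_nr;
	*tlv_len = l2len - sizeof(*dh); /* cannot wrap: l2len >= sizeof(*dh) */
	return RX_OK;
}

/* Dispatcher: only guarantees that the common header is present. */
static int rcvmsg(const uint8_t *l2, size_t l2len, size_t *tlv_len, uint8_t *chan_nr)
{
	const struct common_hdr *ch = (const struct common_hdr *)l2;

	if (l2len < sizeof(*ch))
		return RX_TOO_SHORT_COMMON;
	(void)ch->msg_discr; /* safe: covered by the check above */
	return rx_dchan(l2, l2len, tlv_len, chan_nr);
}

/* What the unchecked subtraction yields: it wraps to a huge unsigned value
 * when the message is shorter than the dchan header. */
static size_t unchecked_tlv_len(size_t l2len)
{
	return l2len - sizeof(struct dchan_hdr);
}

int main(void)
{
	const uint8_t short_msg[3] = { 0x08, 0x21, 0x01 }; /* constructed sample */
	size_t tlv_len = 0;
	uint8_t chan_nr = 0;

	printf("checked: %d\n", rcvmsg(short_msg, sizeof(short_msg), &tlv_len, &chan_nr));
	printf("unchecked length: %zu\n", unchecked_tlv_len(sizeof(short_msg)));
	return 0;
}
```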