Attention is currently required from: pespin.
1 comment:
File src/sm/sm_pdu.c:
rc = osmo_apn_from_str(msg->tail, msgb_tailroom(msg), sme->apn);
if (rc < 0)
return -EINVAL;
*l = rc;
msgb_put(msg, *l);
IMHO this is highly unusual: passing a pointer to msg->tail and storing some data before doing the msgb_put. All the "legacy" code that I recall does the msgb_put() first. It would at that point ASSERT if we ever overrun msgb_tailroom, before anything is memcpying over it.
The approach you take is to potentially encode zero-length IEs in case msgb_tailroom() ever goes to zero. I'm not really sure if that's any better...
To view, visit change 32644.
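The two orderings discussed in the comment, side by side, as an added example that is not part of change 32644 or of libosmocore. It assumes a cut-down stand-in for struct msgb (msgb_tailroom/msgb_put, with msgb_put returning NULL on overrun instead of aborting as the real one does, so the failure can be observed) and a hypothetical apn_encode() that plays the role of osmo_apn_from_str() by turning a dotted APN into length-prefixed labels. put_apn_write_first() mirrors the ordering in the change; put_apn_put_first() is the "legacy" reserve-then-fill ordering the reviewer describes.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-in for libosmocore's struct msgb: a fixed buffer plus the
 * number of bytes already in use. Only what the example needs is modelled. */
struct msgb {
	uint8_t data[64];
	size_t len;
};

#define msgb_tail(m)     ((m)->data + (m)->len)
#define msgb_tailroom(m) (sizeof((m)->data) - (m)->len)

/* Reserve len bytes at the tail. libosmocore's msgb_put() aborts the process
 * when len exceeds the tailroom; this stand-in returns NULL instead so the
 * overrun can be asserted on in a test. */
static uint8_t *msgb_put(struct msgb *msg, size_t len)
{
	uint8_t *tail = msgb_tail(msg);
	if (len > msgb_tailroom(msg))
		return NULL;
	msg->len += len;
	return tail;
}

/* Hypothetical APN encoder standing in for osmo_apn_from_str(): "a.bc" becomes
 * {1,'a',2,'b','c'}, each dotted label prefixed by its length. Returns the
 * encoded length (always strlen(str) + 1 for a valid string) or -1 if the
 * result would not fit in max_len or a label is empty/too long. */
static int apn_encode(uint8_t *out, size_t max_len, const char *str)
{
	size_t need = strlen(str) + 1, i = 0, start = 0;
	if (need > max_len)
		return -1;
	for (;;) {
		size_t end = start;
		while (str[end] != '\0' && str[end] != '.')
			end++;
		size_t label_len = end - start;
		if (label_len == 0 || label_len > 63)
			return -1;
		out[i++] = (uint8_t)label_len;
		memcpy(&out[i], &str[start], label_len);
		i += label_len;
		if (str[end] == '\0')
			break;
		start = end + 1;
	}
	return (int)i;
}

/* Ordering from the change under review: encode straight into msg->tail, then
 * msgb_put() whatever length the encoder reports. Bounds safety rests entirely
 * on the encoder honouring max_len; msgb_put() itself can never trip here. */
static int put_apn_write_first(struct msgb *msg, const char *apn)
{
	int rc = apn_encode(msgb_tail(msg), msgb_tailroom(msg), apn);
	if (rc < 0)
		return -EINVAL;
	msgb_put(msg, rc);
	return rc;
}

/* "Legacy" ordering: size the IE, reserve it with msgb_put() (where an overrun
 * is caught loudly), then fill the reserved space. */
static int put_apn_put_first(struct msgb *msg, const char *apn)
{
	size_t len = strlen(apn) + 1;
	uint8_t *dst = msgb_put(msg, len);
	if (!dst)
		return -ENOMEM;		/* the real msgb_put() would have aborted */
	if (apn_encode(dst, len, apn) < 0) {
		msg->len -= len;	/* roll back the reservation on a bad string */
		return -EINVAL;
	}
	return (int)len;
}

/* Scenario helpers: fresh msgb with only `room` bytes of tailroom left. */
static int rc_write_first(size_t room, const char *apn)
{
	struct msgb m = {0};
	m.len = sizeof(m.data) - room;
	return put_apn_write_first(&m, apn);
}

static int rc_put_first(size_t room, const char *apn)
{
	struct msgb m = {0};
	m.len = sizeof(m.data) - room;
	return put_apn_put_first(&m, apn);
}

int main(void)
{
	const char *apn = "internet.mnc001.mcc001.gprs";	/* constructed sample */
	printf("full room: write-first=%d put-first=%d\n",
	       rc_write_first(64, apn), rc_put_first(64, apn));
	printf("4 bytes room, \"gprs\": write-first=%d put-first=%d\n",
	       rc_write_first(4, "gprs"), rc_put_first(4, "gprs"));
	return 0;
}
```

With enough tailroom both orderings produce the same 28-byte IE. When the buffer is nearly full, the write-first variant returns -EINVAL and leaves the caller to decide whether a missing APN is an encoding error or a buffer-sizing bug, while the put-first variant fails at msgb_put(), which in real libosmocore is an abort that points straight at the undersized msgb.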