dexter has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-bsc/+/31577 )
Change subject: abis_rsl: assert maximum length
abis_rsl: assert maximum length
The length parameter in rsl_imm_assign_cmd_common() may cause a buffer overflow when it is chosen larger than GSM_MACBLOCK_LEN. This should be asserted.
Change-Id: I9417b35fb8c0517f2555e17059bf8ac60fa59791
---
M src/osmo-bsc/abis_rsl.c
1 file changed, 14 insertions(+), 0 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-bsc refs/changes/77/31577/1
diff --git a/src/osmo-bsc/abis_rsl.c b/src/osmo-bsc/abis_rsl.c index ee2e2d3..410f08e 100644 --- a/src/osmo-bsc/abis_rsl.c +++ b/src/osmo-bsc/abis_rsl.c @@ -944,6 +944,7 @@ break; default: /* If phase 2, construct a FULL_IMM_ASS_INFO */ + OSMO_ASSERT(len <= sizeof(buf)); pad_macblock(buf, val, len); msgb_tlv_put(msg, RSL_IE_FULL_IMM_ASS_INFO, GSM_MACBLOCK_LEN, buf);
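Review bot: In the default: branch the new check compares len against sizeof(buf), which equals the intended limit only if buf is a true array of GSM_MACBLOCK_LEN bytes in this scope; its declaration is not in the visible context, and if buf were a pointer the assert would silently bound len by the pointer size instead. The commit message names GSM_MACBLOCK_LEN as the limit and the following msgb_tlv_put() call also uses it, so `OSMO_ASSERT(len <= GSM_MACBLOCK_LEN);` would state the invariant directly and stay correct if the buffer declaration changes. Two further points: the assert covers only this branch, so if the cases above the visible `break;` also copy len bytes into a fixed buffer, the check belongs at function entry; and OSMO_ASSERT aborts the process, so if len can be influenced by data received from another network element, rejecting the message with an error return would avoid turning an overflow into a crash of the BSC. A short comment on rsl_imm_assign_cmd_common() documenting the maximum len would help callers.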