[S] Change in osmo-hnbgw[master]: hnbgw_rx_hnb_register_req(): guard against asn.1 parsing errors

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-hnbgw/+/39362?usp=email ) Change subject: hnbgw_rx_hnb_register_req(): guard against asn.1 parsing errors ...................................................................... hnbgw_rx_hnb_register_req(): guard against asn.1 parsing errors Change-Id: I555f11cadc23ea231821bd48f7cd62953b022e9e --- M src/osmo-hnbgw/hnbgw_hnbap.c 1 file changed, 17 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-hnbgw refs/changes/62/39362/1 diff --git a/src/osmo-hnbgw/hnbgw_hnbap.c b/src/osmo-hnbgw/hnbgw_hnbap.c index e373600..ca46e55 100644 --- a/src/osmo-hnbgw/hnbgw_hnbap.c +++ b/src/osmo-hnbgw/hnbgw_hnbap.c @@ -465,6 +465,16 @@ return 0; } +static bool is_asn1_octet_string_empty(const OCTET_STRING_t *val) +{ + return !val || !val->buf || !val->size; +} + +static bool is_asn1_bit_string_empty(const BIT_STRING_t *val) +{ + return !val || !val->buf || !val->size; +} + static int hnbgw_rx_hnb_register_req(struct hnb_context *ctx, ANY_t *in) { struct hnb_persistent *hnbp; @@ -480,7 +490,13 @@ socklen_t len = sizeof(cur_osa); rc = hnbap_decode_hnbregisterrequesties(&ies, in); - if (rc < 0) { + if (rc < 0 + /* CID#465551: make sure that actual values ended up in the asn1 octet strings: */ + || is_asn1_octet_string_empty(&ies.lac) + || is_asn1_octet_string_empty(&ies.sac) + || is_asn1_octet_string_empty(&ies.rac) + || is_asn1_bit_string_empty(&ies.cellIdentity) + || is_asn1_octet_string_empty(&ies.plmNidentity)) { LOGHNB(ctx, DHNBAP, LOGL_ERROR, "Failure to decode HNB-REGISTER-REQ: rc=%d\n", rc); cause.present = HNBAP_Cause_PR_protocol; cause.choice.radioNetwork = HNBAP_CauseProtocol_unspecified; -- To view, visit https://gerrit.osmocom.org/c/osmo-hnbgw/+/39362?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: osmo-hnbgw Gerrit-Branch: master Gerrit-Change-Id: I555f11cadc23ea231821bd48f7cd62953b022e9e Gerrit-Change-Number: 39362 Gerrit-PatchSet: 1 Gerrit-Owner: neels &lt;nhofmeyr(a)sysmocom.de&gt;