Attention is currently required from: laforge, pespin. Hello Jenkins Builder, laforge, pespin,

I'd like you to reexamine a change. Please visit

https://gerrit.osmocom.org/c/libosmo-pfcp/+/29039

to look at the new patch set (#3).

Change subject: gtlv: check memory bounds 1/3: encoding TLV ......................................................................

gtlv: check memory bounds 1/3: encoding TLV

Introduce a maximum bound of memory access to the osmo_gtlv API.

Properly pass const-ness within the gtlv implementation. This patch adds membof_const(). The following patch will add the non-const membof() equivalent, which is not needed in this patch, yet.

Coverity CID#275417 drew my attention to the fact that the gtlv decoding and encoding does not actually guard against access past the end of the decoded struct.

We have not yet officially released libosmo-gtlv; also, osmo-upf and osmo-hnbgw so far only use the libosmo-pfcp API, which "hides" the gtlv API. Hence just change the API without a backwards compat shim.

Related: CID#275417 Related: SYS#5599 Change-Id: Id8d997c9d5e655ff1842ec69eab6c073875c6330 --- M include/osmocom/gtlv/gtlv_dec_enc.h M src/libosmo-gtlv/gtlv_dec_enc.c M src/libosmo-gtlv/gtlv_gen.c M tests/libosmo-gtlv/gtlv_dec_enc_test.c 4 files changed, 32 insertions(+), 14 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/libosmo-pfcp refs/changes/39/29039/3