fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmocom-bb/+/30359 )
Change subject: layer23: always check return value of rsl_tlv_parse() ......................................................................
layer23: always check return value of rsl_tlv_parse()
Similar to rsl_dec_chan_nr(), this function may also fail, leaving the given struct tlv_parsed uninitialized.
Change-Id: I13f2a97eeff78ca8ed7d0a2844e4fca430ec7768 Related: OS#5599 --- M src/host/layer23/src/misc/app_cbch_sniff.c M src/host/layer23/src/misc/cell_log.c M src/host/layer23/src/misc/rslms.c M src/host/layer23/src/mobile/gsm48_rr.c 4 files changed, 20 insertions(+), 4 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmocom-bb refs/changes/59/30359/1
diff --git a/src/host/layer23/src/misc/app_cbch_sniff.c b/src/host/layer23/src/misc/app_cbch_sniff.c
index 3ef1449..76d4537 100644
--- a/src/host/layer23/src/misc/app_cbch_sniff.c
+++ b/src/host/layer23/src/misc/app_cbch_sniff.c
@@ -111,7 +111,11 @@
 DEBUGP(DRSL, "RSLms UNIT DATA IND chan_nr=0x%02x link_id=0x%02x\n", rllh->chan_nr, rllh->link_id);
- rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
+ if (rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg) - sizeof(*rllh)) < 0) {
+ LOGP(DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
+ return -EINVAL;
+ }
+
 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
 DEBUGP(DRSL, "UNIT_DATA_IND without L3 INFO ?!?\n");
 return -EIO;
diff --git a/src/host/layer23/src/misc/cell_log.c b/src/host/layer23/src/misc/cell_log.c
index 8b68c3c..eee008c 100644
--- a/src/host/layer23/src/misc/cell_log.c
+++ b/src/host/layer23/src/misc/cell_log.c
@@ -669,7 +669,11 @@
 DEBUGP(DRSL, "RSLms UNIT DATA IND chan_nr=0x%02x link_id=0x%02x\n", rllh->chan_nr, rllh->link_id);
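Review bot: The length handed to rsl_tlv_parse() is `msgb_l2len(msg) - sizeof(*rllh)`, an unsigned subtraction, and nothing visible in this hunk checks that the L2 part holds at least `sizeof(*rllh)` bytes before that, or before the DEBUGP above reads `rllh->chan_nr`. If the caller does not already guarantee it, a truncated message would wrap the length instead of making it small, and whether rsl_tlv_parse() then fails cleanly depends on how it treats such a value. Consider an explicit guard ahead of the DEBUGP, e.g. `if (msgb_l2len(msg) < sizeof(*rllh)) return -EINVAL;`. The same pattern appears in the cell_log.c, rslms.c and gsm48_rr.c hunks; the enclosing functions begin and end outside the hunks, so an earlier check may exist there.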
- rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
+ if (rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg) - sizeof(*rllh)) < 0) {
+ LOGP(DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
+ return -EINVAL;
+ }
+
 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
 DEBUGP(DRSL, "UNIT_DATA_IND without L3 INFO ?!?\n");
 return -EIO;
diff --git a/src/host/layer23/src/misc/rslms.c b/src/host/layer23/src/misc/rslms.c
index b729c1c..f7f6fcd 100644
--- a/src/host/layer23/src/misc/rslms.c
+++ b/src/host/layer23/src/misc/rslms.c
@@ -61,7 +61,11 @@
 DEBUGP(DRSL, "RSLms UNIT DATA IND chan_nr=0x%02x link_id=0x%02x\n", rllh->chan_nr, rllh->link_id);
- rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
+ if (rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg) - sizeof(*rllh)) < 0) {
+ LOGP(DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
+ return -EINVAL;
+ }
+
 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
 DEBUGP(DRSL, "UNIT_DATA_IND without L3 INFO ?!?\n");
 return -EIO;
diff --git a/src/host/layer23/src/mobile/gsm48_rr.c b/src/host/layer23/src/mobile/gsm48_rr.c
index 884e426..2d89d7a 100644
--- a/src/host/layer23/src/mobile/gsm48_rr.c
+++ b/src/host/layer23/src/mobile/gsm48_rr.c
@@ -4873,7 +4873,11 @@
 DEBUGP(DRSL, "RSLms UNIT DATA IND chan_nr=0x%02x link_id=0x%02x\n", rllh->chan_nr, rllh->link_id);
- rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
+ if (rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg) - sizeof(*rllh)) < 0) {
+ LOGP(DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed\n", __func__);
+ return -EINVAL;
+ }
+
 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
 DEBUGP(DRSL, "UNIT_DATA_IND without L3 INFO ?!?\n");
 return -EIO;