Change in osmo-bsc[master]: abis_rsl: always check return value of rsl_tlv_parse() - gerrit-log

31 Mar 2022


      Attention is currently required from: pespin, fixeria.
laforge has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-bsc/+/27620 )
Change subject: abis_rsl: always check return value of rsl_tlv_parse()
......................................................................
Patch Set 1: Code-Review+1
(1 comment)
File src/osmo-bsc/abis_rsl.c:
https://gerrit.osmocom.org/c/osmo-bsc/+/27620/comment/9073e797_aaec0ecc 
PS1, Line 1224: 	if (rsl_tlv_parse(&tp, dh->data, msgb_l2len(msg) - sizeof(*dh)) < 0) {
...
You probably need to check that msgb_l2len(msg) >= sizeof(*dh) before derreferencing dh below. […]
abis_rsl_rcvmsg() is checking for 'sizeof(struct abis_rsl_common_hdr)' length.  Since only dh->c ('c' is the common part) is dereferenced, it's fine.
However, I think the check for the larger 'sizeof(struct abis_rsl_rx_dchan)' should go into the start of abis_rsl_rx_dchan(), whre we already dereference the chan_nr information element. Unrelated additional patch.
-- 
To view, visit https://gerrit.osmocom.org/c/osmo-bsc/+/27620
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-bsc
Gerrit-Branch: master
Gerrit-Change-Id: Id022628934e7d51ce66cb255baa88f24bf5c918a
Gerrit-Change-Number: 27620
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria vyanitskiy@sysmocom.de
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge laforge@osmocom.org
Gerrit-CC: pespin pespin@sysmocom.de
Gerrit-Attention: pespin pespin@sysmocom.de
Gerrit-Attention: fixeria vyanitskiy@sysmocom.de
Gerrit-Comment-Date: Thu, 31 Mar 2022 17:42:03 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Comment-In-Reply-To: pespin pespin@sysmocom.de
Gerrit-MessageType: comment