Attention is currently required from: pespin, fixeria.
laforge has posted comments on this change. (
https://gerrit.osmocom.org/c/osmo-bsc/+/27620 )
Change subject: abis_rsl: always check return value of rsl_tlv_parse()
......................................................................
Patch Set 1: Code-Review+1
(1 comment)
File src/osmo-bsc/abis_rsl.c:
https://gerrit.osmocom.org/c/osmo-bsc/+/27620/comment/9073e797_aaec0ecc
PS1, Line 1224: if (rsl_tlv_parse(&tp, dh->data, msgb_l2len(msg) - sizeof(*dh))
< 0) {
You probably need to check that msgb_l2len(msg) >=
sizeof(*dh) before derreferencing dh below. […]
abis_rsl_rcvmsg() is checking for
'sizeof(struct abis_rsl_common_hdr)' length. Since only dh->c ('c' is
the common part) is dereferenced, it's fine.
However, I think the check for the larger 'sizeof(struct abis_rsl_rx_dchan)'
should go into the start of abis_rsl_rx_dchan(), whre we already dereference the chan_nr
information element. Unrelated additional patch.
--
To view, visit
https://gerrit.osmocom.org/c/osmo-bsc/+/27620
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings
Gerrit-Project: osmo-bsc
Gerrit-Branch: master
Gerrit-Change-Id: Id022628934e7d51ce66cb255baa88f24bf5c918a
Gerrit-Change-Number: 27620
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria <vyanitskiy(a)sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <laforge(a)osmocom.org>
Gerrit-CC: pespin <pespin(a)sysmocom.de>
Gerrit-Attention: pespin <pespin(a)sysmocom.de>
Gerrit-Attention: fixeria <vyanitskiy(a)sysmocom.de>
Gerrit-Comment-Date: Thu, 31 Mar 2022 17:42:03 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Comment-In-Reply-To: pespin <pespin(a)sysmocom.de>
Gerrit-MessageType: comment