dexter has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-pcu/+/31023 )

Change subject: pcu_l1_if: ignore frame numbers that exceed the valid range ......................................................................

pcu_l1_if: ignore frame numbers that exceed the valid range

osmo-bsc may send invalid frame numbers through the pcu-sock interface. Lets make sure that incoming frame numbers do not exceed the valid range.

Change-Id: Ib0cf1738be07733c95fc6c459a8a7c4cb2eeef26 Related: OS#5198 --- M src/pcu_l1_if.cpp 1 file changed, 7 insertions(+), 0 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/osmo-pcu refs/changes/23/31023/1

diff --git a/src/pcu_l1_if.cpp b/src/pcu_l1_if.cpp index 810ce85..dadff8d 100644 --- a/src/pcu_l1_if.cpp +++ b/src/pcu_l1_if.cpp @@ -40,6 +40,7 @@ #include <osmocom/gsm/protocol/gsm_04_08.h> #include <osmocom/gsm/gsm48_rest_octets.h> #include <osmocom/gsm/sysinfo.h> +#include <osmocom/gsm/gsm0502.h>

#include <nacc_fsm.h> } @@ -623,6 +624,12 @@ "qta=%d, ra=0x%02x, fn=%u, cur_fn=%d, is_11bit=%d\n", rach_ind->sapi, rach_ind->qta, rach_ind->ra, rach_ind->fn, current_fn, rach_ind->is_11bit);

+ if (rach_ind->fn > GSM_TDMA_HYPERFRAME - 1) { + LOGP(DL1IF, LOGL_ERROR, "RACH request contains fn=%d that exceeds valid limits (0-%u) -- ignored!", + rach_ind->fn, GSM_TDMA_HYPERFRAME - 1); + return -EINVAL; + } + struct rach_ind_params rip = { .burst_type = (enum ph_burst_type) rach_ind->burst_type, .is_11bit = rach_ind->is_11bit > 0,