fixeria has submitted this change. ( https://gerrit.osmocom.org/c/osmo-bsc/+/27624 )
Change subject: abis_rsl: Ensure message length is sufficient for respective header
......................................................................
abis_rsl: Ensure message length is sufficient for respective header
Change-Id: I63b64f1f241de3a76f9b66ed2cf524cc88933062
---
M src/osmo-bsc/abis_rsl.c
1 file changed, 17 insertions(+), 1 deletion(-)
Approvals:
Jenkins Builder: Verified
fixeria: Looks good to me, but someone else must approve
pespin: Looks good to me, approved
diff --git a/src/osmo-bsc/abis_rsl.c b/src/osmo-bsc/abis_rsl.c
index 6681875..822d39a 100644
--- a/src/osmo-bsc/abis_rsl.c
+++ b/src/osmo-bsc/abis_rsl.c
@@ -1502,6 +1502,9 @@
int rc = 0;
struct e1inp_sign_link *sign_link = msg->dst;
+ if (msgb_l2len(msg) < sizeof(*rslh))
+ return -EINVAL;
+
if (rslh->ie_chan != RSL_IE_CHAN_NR) {
LOGP(DRSL, LOGL_ERROR,
"Rx RSL DCHAN: invalid RSL header, expecting Channel Number IE tag, got
0x%x\n",
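Review bot: the short-message branch added at the top of this hunk returns -EINVAL without logging, while the invalid-header branch directly below it logs at LOGL_ERROR. A truncated RSL message is at least as worth recording as a wrong IE tag, so consider a LOGP(DRSL, LOGL_ERROR, ...) line that includes msgb_l2len(msg) before the return, so short frames show up in the log instead of being dropped silently.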
@@ -1602,6 +1605,9 @@
struct tlv_parsed tp;
struct e1inp_sign_link *sign_link = msg->dst;
+ if (msgb_l2len(msg) < sizeof(*rslh))
+ return -EINVAL;
+
rsl_tlv_parse(&tp, rslh->data, msgb_l2len(msg)-sizeof(*rslh));
LOGP(DRSL, LOGL_ERROR, "%s ERROR REPORT%s\n",
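Review bot: the length check here is what keeps `msgb_l2len(msg)-sizeof(*rslh)` in the rsl_tlv_parse() call from wrapping around when the message is shorter than the header, and that dependency deserves a one-line comment above the check so it is not moved or dropped in a later refactoring. The return value of rsl_tlv_parse() is still ignored in the context line; checking it would complete the input validation for this handler.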
@@ -2403,6 +2409,9 @@
struct rate_ctr_group *bts_ctrs = sign_link->trx->bts->bts_ctrs;
int rc = 0;
+ if (msgb_l2len(msg) < sizeof(*rslh))
+ return -EINVAL;
+
msg->lchan = lchan_lookup(sign_link->trx, rslh->chan_nr,
"Abis RSL rx CCHAN: ");
@@ -2472,8 +2481,12 @@
struct e1inp_sign_link *sign_link = msg->dst;
struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
int rc = 0;
- uint8_t sapi = rllh->link_id & 0x7;
+ uint8_t sapi;
+ if (msgb_l2len(msg) < sizeof(*rllh))
+ return -1;
+
+ sapi = rllh->link_id & 0x7;
msg->lchan = lchan_lookup(sign_link->trx, rllh->chan_nr, "Abis RSL rx RLL:
");
switch (rllh->c.msg_type) {
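Review bot: the check in this hunk returns -1, while the other four checks added by this change return -EINVAL; use -EINVAL here as well so callers see one error code for a short message. Moving the `rllh->link_id & 0x7` read below the check is the right order, since the old initializer dereferenced rllh before any length validation.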
@@ -2895,6 +2908,9 @@
struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
int rc = 0;
+ if (msgb_l2len(msg) < sizeof(*rllh))
+ return -EINVAL;
+
msg->lchan = lchan_lookup(sign_link->trx, rllh->chan_nr,
"Abis RSL rx IPACC: ");
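Review bot: with this hunk the same three-line length check appears five times in abis_rsl.c, against two header types (`*rslh` and `*rllh`). A small shared helper or macro that takes the message and the expected header size would keep the return value and any logging consistent, and would make it harder to add a new RSL receive handler that forgets the check.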
1 is the latest approved patch-set.
No files were changed between the latest approved patch-set and the submitted one.
--
Gerrit-Project: osmo-bsc
Gerrit-Branch: master
Gerrit-Change-Id: I63b64f1f241de3a76f9b66ed2cf524cc88933062
Gerrit-Change-Number: 27624
Gerrit-PatchSet: 2
Gerrit-Owner: laforge <laforge(a)osmocom.org>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <vyanitskiy(a)sysmocom.de>
Gerrit-Reviewer: pespin <pespin(a)sysmocom.de>
Gerrit-MessageType: merged