25 Dec
2017
25 Dec
'17
12:55 a.m.
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Osmocom code for Iuh interface".
The branch, master has been updated
via 6eeef115a9096b954dd6d873978abbb28055d301 (commit)
from 66d6d760aab222c91bec5134c228ffc13f463235 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://cgit.osmocom.org/osmo-iuh/commit/?id=6eeef115a9096b954dd6d873978abbb…
commit 6eeef115a9096b954dd6d873978abbb28055d301
Author: Neels Hofmeyr <neels(a)hofmeyr.de>
Date: Wed Dec 20 23:14:45 2017 +0100
hnbap,rua,ranap decode: fix segfault on decode error
Looking at hnbap_decode_hnbregisterrequesties(), I noticed a segfault if
decoding the HNB Register Request PDU fails, which is due to an unchecked
return value in code generated by asn1tostruct.py.
Add return value and NULL pointer checks and hence fix null dereference on
erratic PDUs across HNBAP, RUA and RANAP protocols. Similar checks exist in
other places, this one was simply missing.
Since the result of asn1tostruct.py is not committed, here is an example diff
of the resulting change, of which there are 128 instances in total:
@@ -304,7 +329,12 @@
memset(hnbRegisterRequestIEs, 0, sizeof(HNBRegisterRequestIEs_t));
HNBAP_DEBUG("Decoding message HNBRegisterRequestIEs (%s:%d)\n",
__FILE__, __LINE__);
- ANY_to_type_aper(any_p, &asn_DEF_HNBRegisterRequest,
(void**)&hNBRegisterRequest_p);
+ tempDecoded = ANY_to_type_aper(any_p, &asn_DEF_HNBRegisterRequest,
(void**)&hNBRegisterRequest_p);
+
+ if (tempDecoded < 0 || hNBRegisterRequest_p == NULL) {
+ HNBAP_DEBUG("Decoding of message HNBRegisterRequestIEs failed\n");
+ return -1;
+ }
for (i = 0; i < hNBRegisterRequest_p->hnbRegisterRequest_ies.list.count;
i++) {
IE_t *ie_p;
Change-Id: I6cb9cc9a88d22f03befa43f0968a874476fa079d
-----------------------------------------------------------------------
Summary of changes:
asn1/utils/asn1tostruct.py | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
hooks/post-receive
--
Osmocom code for Iuh interface