This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenBTS' transceiver retro-fit".
The branch, master has been updated
discards 68475102023be985d45698acb81b888f78db8728 (commit)
discards 7b9ac673752d8831a785bfc1af0029389f4814bf (commit)
via 2c650a6895f573e4455f55f0d1ed136ba8ae4744 (commit)
via d4555f267e284d14e9e877f8f82da8bcc2d76d7a (commit)
This update added new revisions after undoing existing revisions. That is
to say, the old revision is not a strict subset of the new revision. This
situation occurs when you --force push a change and generate a repository
containing something like this:
* -- * -- B -- O -- O -- O (68475102023be985d45698acb81b888f78db8728)
\
N -- N -- N (2c650a6895f573e4455f55f0d1ed136ba8ae4744)
When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://cgit.osmocom.org/osmo-trx/commit/?id=2c650a6895f573e4455f55f0d1ed136…
commit 2c650a6895f573e4455f55f0d1ed136ba8ae4744
Author: Tom Tsou <tom.tsou(a)ettus.com>
Date: Thu Apr 28 21:55:17 2016 -0700
common: Add mandatory length field to UDP receive calls
Current UDP receive reads up to MAX_UDP_LENGTH bytes into the
passed in buffer, which may lead to buffer overflow if the
write buffer is of insufficient size.
Add mandatory length argument to UDP socket receive calls.
Reported-by: Simone Margaritelli <simone(a)zimperium.com>
Signed-off-by: Tom Tsou <tom.tsou(a)ettus.com>
http://cgit.osmocom.org/osmo-trx/commit/?id=d4555f267e284d14e9e877f8f82da8b…
commit d4555f267e284d14e9e877f8f82da8bcc2d76d7a
Author: Tom Tsou <tom.tsou(a)ettus.com>
Date: Thu Apr 28 21:24:53 2016 -0700
common: Restrict UDP binding to localhost only
Reported security vulnerability where control and data UDP
packets can be injected into the transceiver externally due
to socket binding to all interfaces using INADDR_ANY.
Existing socket interface does not allow specifying local
address; only the local port and remote address/port are
arguments.
Restrict socket bind to localhost with INADDR_LOOPBACK. If
external interfaces do need to be used, the API should be
modified to allow specifying the local socket address.
Reported-by: Simone Margaritelli <simone(a)zimperium.com>
Signed-off-by: Tom Tsou <tom.tsou(a)ettus.com>
-----------------------------------------------------------------------
Summary of changes:
hooks/post-receive
--
OpenBTS' transceiver retro-fit