This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Harald Welte gerrit-no-reply at lists.osmocom.org
Review at https://gerrit.osmocom.org/6995
pcu_sock: Discard messages that are too short
The downstream code of pcu_sock.c doesn't contain any length checks,
so let's discard any messages that are shorter than the primitive
length.
Change-Id: I35ac84d4db6d21ea61afbd1864c810bbf601d69b
---
M src/common/pcu_sock.c
1 file changed, 6 insertions(+), 0 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-bts refs/changes/95/6995/1
diff --git a/src/common/pcu_sock.c b/src/common/pcu_sock.c
index fa13f24..b810174 100644
--- a/src/common/pcu_sock.c
+++ b/src/common/pcu_sock.c
@@ -749,6 +749,12 @@
goto close;
}
+ if (rc < sizeof(*pcu_prim)) {
+ LOGP(DPCU, LOGL_ERROR, "Received %d bytes on PCU Socket, but primitive size "
+ "is %lu, discarding\n", rc, sizeof(*pcu_prim));
+ return 0;
+ }
+
rc = pcu_rx(state->net, pcu_prim->msg_type, pcu_prim);
/* as we always synchronously process the message in pcu_rx() and
--
To view, visit https://gerrit.osmocom.org/6995
To unsubscribe, visit https://gerrit.osmocom.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I35ac84d4db6d21ea61afbd1864c810bbf601d69b
Gerrit-PatchSet: 1
Gerrit-Project: osmo-bts
Gerrit-Branch: master
Gerrit-Owner: Harald Welte <laforge at gnumonks.org>