This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Stefan Sperling gerrit-no-reply at lists.osmocom.org

Hello Jenkins Builder,

I'd like you to reexamine a change. Please visit https://gerrit.osmocom.org/5689 to look at the new patch set (#2).

TLVP_PRESENT() should not return TRUE after tlv_parse() fails.

If the length provided in the packet exceeds the buffer length, tlv_parse() returns -2 but leaves tlv.val and tlv.len initialized. Many callers of tlv_parse() do not check its return value, but rely on TLVP_PRESENT() to see if a particular TLV was parsed successfully. By clearing tlv.val and tlv.len we make it less likely that those callers will use an overlong TLV length value.

Change-Id: I4dda6938e1650b4bcaac45809a4763f86f5a9794
---
M src/gsm/tlv_parser.c
1 file changed, 8 insertions(+), 2 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/89/5689/2

diff --git a/src/gsm/tlv_parser.c b/src/gsm/tlv_parser.c index ead856c..6185616 100644 --- a/src/gsm/tlv_parser.c +++ b/src/gsm/tlv_parser.c @@ -244,8 +244,11 @@ dec->lv[lv_tag].val = &buf[ofs+1]; dec->lv[lv_tag].len = buf[ofs]; len = dec->lv[lv_tag].len + 1; - if (ofs + len > buf_len) + if (ofs + len > buf_len) { + dec->lv[lv_tag].val = 0; + dec->lv[lv_tag].len = 0; return -2; + } num_parsed++; ofs += len; } @@ -255,8 +258,11 @@ dec->lv[lv_tag2].val = &buf[ofs+1]; dec->lv[lv_tag2].len = buf[ofs]; len = dec->lv[lv_tag2].len + 1; - if (ofs + len > buf_len) + if (ofs + len > buf_len) { + dec->lv[lv_tag2].val = 0; + dec->lv[lv_tag2].len = 0; return -2; + } num_parsed++; ofs += len; }

--
To view, visit https://gerrit.osmocom.org/5689
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I4dda6938e1650b4bcaac45809a4763f86f5a9794
Gerrit-PatchSet: 2
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Owner: Stefan Sperling <ssperling at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
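
Review bot: In the first hunk (lv_tag), val and len are still written before the bounds check and then undone on failure; running the `ofs + len > buf_len` test on a local length taken from buf[ofs] and storing into dec->lv[lv_tag] only on success would avoid the write-then-clear and leave the error path as a plain `return -2;`. If the current order stays, `dec->lv[lv_tag].val = NULL;` reads better than `= 0`, since val is assigned a pointer (`&buf[ofs+1]`) two lines above.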
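
Review bot: In the second hunk (lv_tag2), the error path clears only dec->lv[lv_tag2], so an lv_tag entry stored by the preceding block stays set when -2 is returned, and a caller that ignores the return value will still see that tag as present. If that is intended, a comment on the `return -2;` path stating which entries remain valid after a failure would help such callers; the four added lines also duplicate the first hunk, so a small shared helper would keep the two error paths in sync.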
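
The failure mode described in the commit message, as an added example that is not part of the patch or of libosmocore: a toy tag/length/value parser whose caller ignores the return value and relies only on a presence test. The names toy_parse, PRESENT, caller_trusted_len and the SAMPLE bytes are constructed here, and the presence test is assumed to check the val pointer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the decoder state touched by the patch: one val/len slot per tag. */
struct lv { const uint8_t *val; uint16_t len; };
struct dec { struct lv lv[256]; };
/* Assumption: a tag counts as present when its val pointer is set. */
#define PRESENT(d, tag) ((d)->lv[tag].val != NULL)
/* Constructed input: tag 1 (len 2) is valid; tag 2 claims 0x40 bytes, 1 remains. */
static const uint8_t SAMPLE[] = { 0x01, 0x02, 0xAA, 0xBB, 0x02, 0x40, 0xCC };

/* 1-byte tag, 1-byte length. clear_on_error = 0 models the code before the
 * patch, clear_on_error = 1 the patched error path. */
static int toy_parse(struct dec *dec, const uint8_t *buf, size_t buf_len, int clear_on_error)
{
    size_t ofs = 0, len;
    int num_parsed = 0;

    memset(dec, 0, sizeof(*dec));
    while (ofs + 2 <= buf_len) {
        uint8_t tag = buf[ofs++];

        dec->lv[tag].val = &buf[ofs + 1];
        dec->lv[tag].len = buf[ofs];
        len = (size_t)dec->lv[tag].len + 1;
        if (ofs + len > buf_len) {          /* claimed length overruns the buffer */
            if (clear_on_error) {
                dec->lv[tag].val = NULL;
                dec->lv[tag].len = 0;
            }
            return -2;
        }
        num_parsed++;
        ofs += len;
    }
    return num_parsed;
}

/* Bytes a caller would be willing to read for `tag` when it ignores the
 * return value and trusts only the presence test. */
static size_t caller_trusted_len(uint8_t tag, int clear_on_error)
{
    struct dec dec;

    (void)toy_parse(&dec, SAMPLE, sizeof(SAMPLE), clear_on_error);
    return PRESENT(&dec, tag) ? dec.lv[tag].len : 0;
}

int main(void)
{
    printf("tag 2 before: %zu, after: %zu\n", caller_trusted_len(2, 0), caller_trusted_len(2, 1));
    return 0;
}
```

Tag 1, parsed before the failure, is reported as present with length 2 in both modes; only the overlong tag 2 changes from a trusted 64-byte length to absent.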