Stefan Sperling gerrit-no-reply at lists.osmocom.orgStefan Sperling has uploaded this change for review. ( https://gerrit.osmocom.org/11876 Change subject: consistently check the result of osmo_shift_v_fixed() ...................................................................... consistently check the result of osmo_shift_v_fixed() Coverity points out we forgot to check the return value of osmo_shift_v_fixed() in some places. Add checks which verify the expected length of data which is skipped by the parser. Change-Id: I20406f411810e966443d6fd5a4620b9a66cd9809 Related: CID#135160 --- M src/gprs/gprs_gb_parse.c 1 file changed, 10 insertions(+), 5 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-sgsn refs/changes/76/11876/1 diff --git a/src/gprs/gprs_gb_parse.c b/src/gprs/gprs_gb_parse.c index 18565ae..93b90a2 100644 --- a/src/gprs/gprs_gb_parse.c +++ b/src/gprs/gprs_gb_parse.c @@ -46,7 +46,8 @@ /* Skip Attach type */ /* Skip Ciphering key sequence number */ /* Skip DRX parameter */ - osmo_shift_v_fixed(&data, &data_len, 3, NULL); + if (osmo_shift_v_fixed(&data, &data_len, 3, NULL) < 3) + return 0; /* Get Mobile identity */ if (osmo_shift_lv(&data, &data_len, &value, &value_len) <= 0 || @@ -82,7 +83,8 @@ /* Skip Periodic RA update timer */ /* Skip Radio priority for SMS */ /* Skip Spare half octet */ - osmo_shift_v_fixed(&data, &data_len, 3, NULL); + if (osmo_shift_v_fixed(&data, &data_len, 3, NULL) < 3) + return 0; if (osmo_shift_v_fixed(&data, &data_len, 6, &value) <= 0) return 0; @@ -170,7 +172,8 @@ /* Skip Update type */ /* Skip GPRS ciphering key sequence number */ - osmo_shift_v_fixed(&data, &data_len, 1, NULL); + if (osmo_shift_v_fixed(&data, &data_len, 1, NULL) < 1) + return 0; if (osmo_shift_v_fixed(&data, &data_len, 6, &value) <= 0) return 0; 
@@ -221,7 +224,8 @@ /* Skip Force to standby */ /* Skip Update result */ /* Skip Periodic RA update timer */ - osmo_shift_v_fixed(&data, &data_len, 2, NULL); + if (osmo_shift_v_fixed(&data, &data_len, 2, NULL) < 2) + return 0; if (osmo_shift_v_fixed(&data, &data_len, 6, &value) <= 0) return 0; @@ -299,7 +303,8 @@ /* Skip Requested NSAPI */ /* Skip Requested LLC SAPI */ - osmo_shift_v_fixed(&data, &data_len, 2, NULL); + if (osmo_shift_v_fixed(&data, &data_len, 2, NULL) < 2) + return 0; /* Skip Requested QoS (support 04.08 and 24.008) */ if (osmo_shift_lv(&data, &data_len, NULL, &value_len) <= 0 || -- To view, visit https://gerrit.osmocom.org/11876 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-sgsn Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I20406f411810e966443d6fd5a4620b9a66cd9809 Gerrit-Change-Number: 11876 Gerrit-PatchSet: 1 Gerrit-Owner: Stefan Sperling <ssperling at sysmocom.de> -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20181122/e599efea/attachment.htm>
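Review bot: In the first hunk (@@ -46,7 +46,8 @@) the new check tests `< 3`, while the `osmo_shift_v_fixed(&data, &data_len, 6, &value)` calls visible as context in the later hunks test `<= 0`, so the file now carries two conventions for the same function's return value. Since the subject line promises consistent checking, either convert the existing `<= 0` tests to compare against the requested length as well, or say in the commit message why only the skip-only calls need the stricter comparison.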
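Review bot: In the hunk at @@ -170,7 +172,8 @@ the comments name two skipped fields (Update type, GPRS ciphering key sequence number) while the call skips and checks a single byte, and nothing in the hunk explains the mismatch. Now that the length is enforced with `< 1`, extend the comment to say how the two fields map onto that one octet, so a later reader does not "correct" the length to 2 and make the parser reject valid messages.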
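Review bot: In the hunk at @@ -221,7 +224,8 @@, as in the other four, the skip length is written twice in one statement (`..., 2, NULL) < 2`), so a later edit to one literal can leave the other stale without any compiler warning. A small static helper or macro that takes the length once and reports failure when fewer bytes were skipped would remove the duplication at all five call sites.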