Change in osmo-msc[master]: gsm_04_14: fix off-by-one error in create_gsm0414_msg()

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

fixeria gerrit-no-reply at lists.osmocom.org
Wed Jul 29 12:54:42 UTC 2020 

fixeria has submitted this change. ( https://gerrit.osmocom.org/c/osmo-msc/+/19426 )

Change subject: gsm_04_14: fix off-by-one error in create_gsm0414_msg()
......................................................................

gsm_04_14: fix off-by-one error in create_gsm0414_msg()

This byte is redundant, and must not be allocated in this function.
A consequence of this error is that the MS alwats interprets the
"Sub-channel" IE as test loop A regardless of the specified type.

Here is an example of malformed Close TCH loop (type C) message:

  0f 00 00 04
  x. .. .. ..  - Skip indicator (see 3GPP TS 24.007)
  .x .. .. ..  - Protocol discriminator (see 3GPP TS 24.007)
  .. xx .. ..  - Message type (CLOSE_TCH_LOOP_CMD)
  .. .. !! ..  - (!) Redundant byte from create_gsm0414_msg()
  .. .. .. xx  - (!) The actual "Sub-channel" IE (loop C, X=0)

Change-Id: Ia47225b884439dcd43be307e7351994e55fcd50d
---
M src/libmsc/gsm_04_14.c
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Jenkins Builder: Verified
  pespin: Looks good to me, but someone else must approve
  Hoernchen: Looks good to me, approved



diff --git a/src/libmsc/gsm_04_14.c b/src/libmsc/gsm_04_14.c
index 8116558..03c06fd 100644
--- a/src/libmsc/gsm_04_14.c
+++ b/src/libmsc/gsm_04_14.c
@@ -43,7 +43,7 @@
 	struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.14");
 	struct gsm48_hdr *gh;
 
-	gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh) + 1);
+	gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
 	gh->proto_discr = GSM48_PDISC_TEST;
 	gh->msg_type = msg_type;
 	return msg;

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-msc/+/19426
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Change-Id: Ia47225b884439dcd43be307e7351994e55fcd50d
Gerrit-Change-Number: 19426
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria <vyanitskiy at sysmocom.de>
Gerrit-Reviewer: Hoernchen <ewild at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <vyanitskiy at sysmocom.de>
Gerrit-Reviewer: laforge <laforge at osmocom.org>
Gerrit-Reviewer: pespin <pespin at sysmocom.de>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20200729/d9df584f/attachment.htm>

More information about the gerrit-log mailing list