This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
fixeria gerrit-no-reply at lists.osmocom.org
fixeria has submitted this change. ( https://gerrit.osmocom.org/c/osmocom-bb/+/18542 )
Change subject: trxcon: fix potential buffer overflow in l1ctl_proc_est_req_h1()
......................................................................
trxcon: fix potential buffer overflow in l1ctl_proc_est_req_h1()
Change-Id: I10f03ca66412a4a7094b0f4a7319411d5d5818ef
---
M src/host/trxcon/l1ctl.c
1 file changed, 3 insertions(+), 0 deletions(-)
Approvals:
neels: Looks good to me, but someone else must approve
fixeria: Looks good to me, approved
pespin: Looks good to me, but someone else must approve
Jenkins Builder: Verified
diff --git a/src/host/trxcon/l1ctl.c b/src/host/trxcon/l1ctl.c
index 84e1ec6..192cdd1 100644
--- a/src/host/trxcon/l1ctl.c
+++ b/src/host/trxcon/l1ctl.c
@@ -606,6 +606,9 @@
if (!h->n) {
LOGP(DL1C, LOGL_ERROR, "No channels in mobile allocation?!?\n");
return -EINVAL;
+ } else if (h->n > ARRAY_SIZE(ma)) {
+ LOGP(DL1C, LOGL_ERROR, "More than 64 channels in mobile allocation?!?\n");
+ return -EINVAL;
}
/* Convert from network to host byte order */
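Review bot: the error text in the new `else if (h->n > ARRAY_SIZE(ma))` branch hard-codes "64" while the check takes its limit from ARRAY_SIZE(ma), so the message will be wrong if the size of `ma` ever changes, and it does not report the value that was rejected. Consider logging both the received `h->n` and `ARRAY_SIZE(ma)` through format arguments (with specifiers matching their types) instead of the literal. Minor style point: the preceding branch already returns, so a plain `if` would do in place of `else if`.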
--
To view, visit https://gerrit.osmocom.org/c/osmocom-bb/+/18542
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings
Gerrit-Project: osmocom-bb
Gerrit-Branch: master
Gerrit-Change-Id: I10f03ca66412a4a7094b0f4a7319411d5d5818ef
Gerrit-Change-Number: 18542
Gerrit-PatchSet: 3
Gerrit-Owner: fixeria <vyanitskiy at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <vyanitskiy at sysmocom.de>
Gerrit-Reviewer: neels <nhofmeyr at sysmocom.de>
Gerrit-Reviewer: pespin <pespin at sysmocom.de>
Gerrit-MessageType: merged