This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
fixeria gerrit-no-reply at lists.osmocom.orgfixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-bts/+/23863 )
Change subject: osmo-bts-trx: generalize checking of TRXD header length
......................................................................
osmo-bts-trx: generalize checking of TRXD header length
Change-Id: I7df851c3afb82133f84dc805e0926438a90efe07
Related: SYS#4895, OS#4941, OS#4006
---
M src/osmo-bts-trx/trx_if.c
1 file changed, 14 insertions(+), 16 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-bts refs/changes/63/23863/1
diff --git a/src/osmo-bts-trx/trx_if.c b/src/osmo-bts-trx/trx_if.c
index 0beb941..28b5f2e 100644
--- a/src/osmo-bts-trx/trx_if.c
+++ b/src/osmo-bts-trx/trx_if.c
@@ -723,19 +723,17 @@
/* Uplink TRXDv1 header length: additional MTS + C/I */
#define TRX_UL_V1HDR_LEN (TRX_UL_V0HDR_LEN + 1 + 2)
+/* Minimum Uplink TRXD header length for all PDU versions */
+static const uint8_t trx_data_rx_hdr_len[] = {
+ TRX_UL_V0HDR_LEN, /* TRXDv0 */
+ TRX_UL_V1HDR_LEN, /* TRXDv1 */
+};
+
/* TRXD header dissector for version 0 */
static int trx_data_handle_hdr_v0(struct trx_l1h *l1h,
struct trx_ul_burst_ind *bi,
const uint8_t *buf, size_t buf_len)
{
- /* Make sure we have enough data */
- if (buf_len < TRX_UL_V0HDR_LEN) {
- LOGPPHI(l1h->phy_inst, DTRX, LOGL_ERROR,
- "Short read on TRXD, missing version 0 header "
- "(len=%zu vs expected %d)\n", buf_len, TRX_UL_V0HDR_LEN);
- return -EIO;
- }
-
bi->tn = buf[0] & 0b111;
bi->fn = osmo_load32be(buf + 1);
bi->rssi = -(int8_t)buf[5];
@@ -785,14 +783,6 @@
{
int rc;
- /* Make sure we have enough data */
- if (buf_len < TRX_UL_V1HDR_LEN) {
- LOGPPHI(l1h->phy_inst, DTRX, LOGL_ERROR,
- "Short read on TRXD, missing version 1 header "
- "(len=%zu vs expected %d)\n", buf_len, TRX_UL_V1HDR_LEN);
- return -EIO;
- }
-
/* Parse v0 specific part */
rc = trx_data_handle_hdr_v0(l1h, bi, buf, buf_len);
if (rc < 0)
@@ -948,6 +938,14 @@
return -EIO;
}
+ /* Make sure that we have enough bytes to parse the header */
+ if (buf_len < trx_data_rx_hdr_len[pdu_ver]) {
+ LOGPPHI(l1h->phy_inst, DTRX, LOGL_ERROR,
+ "Rx malformed TRXDv%u PDU: len=%zd < expected %u\n",
+ pdu_ver, buf_len, trx_data_rx_hdr_len[pdu_ver]);
+ return -EINVAL;
+ }
+
/* Parse header depending on the PDU version */
switch (pdu_ver) {
case 0:
--
To view, visit https://gerrit.osmocom.org/c/osmo-bts/+/23863
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings
Gerrit-Project: osmo-bts
Gerrit-Branch: master
Gerrit-Change-Id: I7df851c3afb82133f84dc805e0926438a90efe07
Gerrit-Change-Number: 23863
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria <vyanitskiy at sysmocom.de>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20210422/7594a680/attachment.htm>