This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Holger Hans Peter Freyther holger at freyther.deOn Sun, Apr 20, 2014 at 04:30:20PM +0200, Holger Hans Peter Freyther wrote: ping? > > i had that patch done already. (see attachment) > > what was the message id? I didn't see it. Could you please answer this one? > This lacks input validation. The code needs to check that the data > we read is within the bounds of the msgb and the data we write is within > the bounds too. Do you understand the severity? It is this kind of issue that OpenSSL had with hearbleed. In this case our length is only a uint8_t and our msgb is most likely over-allocated so we might be lucky that nothing else will be leaked from the application. holger