[PATCH 4/9] Add support for AMR frames to MNCC/RTP interface

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Holger Hans Peter Freyther holger at freyther.de
Tue Apr 29 06:52:19 UTC 2014


On Sun, Apr 20, 2014 at 04:30:20PM +0200, Holger Hans Peter Freyther wrote:

ping?

> > i had that patch done already. (see attachment)
> 
> what was the message id?  I didn't see it.

Could you please answer this one?

> This lacks input validation. The code needs to check that the data
> we read is within the bounds of the msgb and the data we write is within
> the bounds too.

Do you understand the severity? It is this kind of issue that OpenSSL
had with hearbleed. In this case our length is only a uint8_t and our
msgb is most likely over-allocated so we might be lucky that nothing
else will be leaked from the application.

holger




More information about the OpenBSC mailing list