[PATCH 6/6] osmux: Remember the allocated CID and make sure it is release

Holger Freyther holger at freyther.de
Thu Oct 8 14:45:20 UTC 2015


> On 04 Oct 2015, at 11:22, Holger Hans Peter Freyther <holger at freyther.de> wrote:
> 
> 
> +		uint8_t allocated_cid;

...

> +	endp->osmux.allocated_cid = -1;
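Review bot: `allocated_cid` is declared `uint8_t`, so the `-1` assigned here is stored as 255 and cannot be distinguished from a real CID of 255 if that value is ever allocated. Use a signed type for the field, or keep a separate flag as the "not allocated" marker, and compare against that marker wherever the CID is released.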


that doesn't mix too well. This means I assigned 255 to the value and then we have
the next funny business in:

        char osmux_extension[strlen("X-Osmux: 255")];

        buf[0] = buf[39] = '\0';
        ret = sscanf(tok, "%*s %s", buf);
        if (ret != 1) {
                LOGP(DMGCP, LOGL_ERROR,
                        "Failed to find Endpoint in: %s\n", tok);
                return;
        }

        if (osmux_cid >= 0)
                sprintf(osmux_extension, "\nX-Osmux: %u", osmux_cid);


1.) osmux_extension doesn't account for the \n
2.) osmux_extension doesn't account for the \0 at the end of the string
3.) we use '%u' so nothing in this method checks if this is a uint8_t.

I will increase the buffer a bit. This would have started to crash on
triple digit osmux CIDs (so on setup of the 101st call).

holger
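
An added example, not code from the original mail or from OpenBSC: it computes how many bytes the `"\nX-Osmux: %u"` format needs for a given CID, and formats the header with `snprintf` into a buffer sized for the leading `\n` and the trailing `\0`, rejecting values outside the `uint8_t` range. The helper names `osmux_ext_needed` and `osmux_ext_format` and both macros are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Size of the buffer in the quoted code: strlen("X-Osmux: 255") == 12 */
#define ORIG_BUF_SIZE (sizeof("X-Osmux: 255") - 1)
/* Worst case for a uint8_t CID: leading '\n', three digits, trailing NUL */
#define OSMUX_EXT_SIZE sizeof("\nX-Osmux: 255")

/* Bytes the format string produces for this CID, including the NUL. */
static size_t osmux_ext_needed(unsigned int cid)
{
	/* With a zero size snprintf() writes nothing and returns the length. */
	return (size_t)snprintf(NULL, 0, "\nX-Osmux: %u", cid) + 1;
}

/*
 * Hypothetical helper: format the extension into buf. Returns the string
 * length, or -1 (with buf emptied) if cid is not a valid uint8_t or the
 * result would not fit.
 */
static int osmux_ext_format(char *buf, size_t len, int cid)
{
	int ret;

	if (len == 0)
		return -1;
	buf[0] = '\0';
	if (cid < 0 || cid > UINT8_MAX)
		return -1;
	ret = snprintf(buf, len, "\nX-Osmux: %u", (unsigned int)cid);
	if (ret < 0 || (size_t)ret >= len) {
		buf[0] = '\0';	/* never hand back a truncated header */
		return -1;
	}
	return ret;
}

int main(void)
{
	static const unsigned int cids[] = { 7, 42, 255 };	/* constructed samples */
	char ext[OSMUX_EXT_SIZE];
	size_t i;

	for (i = 0; i < sizeof(cids) / sizeof(cids[0]); i++)
		printf("cid %3u needs %zu bytes (quoted buffer: %zu, sized buffer: %zu)\n",
		       cids[i], osmux_ext_needed(cids[i]),
		       (size_t)ORIG_BUF_SIZE, sizeof(ext));
	return 0;
}
```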