Review at  https://gerrit.osmocom.org/2940

RSL: check for abnormal SI2q values

Check for impossible index and count values of SI2q messages. The limit
is defined in 3GPP TS 44.018 Table 10.5.2.33b.1

Change-Id: I351f8e8641a1cb9548154803da70bfde46ee180d
Fixes: CID 170749
---
M src/common/rsl.c
1 file changed, 6 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/osmo-bts refs/changes/40/2940/1

diff --git a/src/common/rsl.c b/src/common/rsl.c
index bb05dec..187a2e7 100644
--- a/src/common/rsl.c
+++ b/src/common/rsl.c
@@ -315,6 +315,12 @@
                                return rsl_tx_error_report(trx, 
RSL_ERR_IE_CONTENT);
                        }
 
+                       if (bts->si2q_index > SI2Q_MAX_NUM || bts->si2q_count > 
SI2Q_MAX_NUM) {
+                               LOGP(DRSL, LOGL_ERROR, " Rx RSL SI2quater witn 
impossible parameters: index %u, count %u"
+                                    "should be <= %u\n", bts->si2q_index, 
bts->si2q_count, SI2Q_MAX_NUM);
+                               return rsl_tx_error_report(trx, 
RSL_ERR_IE_CONTENT);
+                       }
+
                        memset(GSM_BTS_SI2Q(bts, bts->si2q_index), 
GSM_MACBLOCK_PADDING, sizeof(sysinfo_buf_t));
                        memcpy(GSM_BTS_SI2Q(bts, bts->si2q_index), 
TLVP_VAL(&tp, RSL_IE_FULL_BCCH_INFO), len);
                        break;
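Review bot: the new bound in the added `if` uses `>`, so an si2q_index equal to SI2Q_MAX_NUM passes and is then used by GSM_BTS_SI2Q(bts, bts->si2q_index) in the memset/memcpy that follow. The definition of SI2Q_MAX_NUM and the size of the buffer array are not visible in this hunk; if SI2Q_MAX_NUM is the number of SI2q buffers rather than the highest valid index, the index comparison needs to be `>=` to keep the write in bounds. The check also does not relate the two values to each other, so an index larger than count is still accepted; consider rejecting that case as well if it is not valid. In the LOGP format string, "witn" should be "with", and the two adjacent literals concatenate without a separator, so the output reads "count %ushould be <= %u"; add a space or comma before "should". The leading space in " Rx RSL" also looks unintended.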

-- 
To view, visit https://gerrit.osmocom.org/2940
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I351f8e8641a1cb9548154803da70bfde46ee180d
Gerrit-PatchSet: 1
Gerrit-Project: osmo-bts
Gerrit-Branch: master
Gerrit-Owner: Max <msur...@sysmocom.de>
