Max has submitted this change and it was merged. Change subject: Fix BTS features length check ......................................................................
Fix BTS features length check While fixing potentially incorrect memory access, the check for maximum number of supported BTS features was incorrectly adjusted instead of feature vectore length check next to it. Fix this by adjusting checks properly and adding comments to avoid future confusion. The error was introduced in a60bb3dd28ce9e3720f8ee1b262893f3e233e2e6. Change-Id: I06d2498d730624d5da535f6add6fa98d004714ae --- M openbsc/src/libbsc/abis_nm.c 1 file changed, 4 insertions(+), 4 deletions(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/openbsc/src/libbsc/abis_nm.c b/openbsc/src/libbsc/abis_nm.c index 1715688..019d039 100644 --- a/openbsc/src/libbsc/abis_nm.c +++ b/openbsc/src/libbsc/abis_nm.c @@ -484,13 +484,13 @@ if (TLVP_PRES_LEN(&tp, NM_ATT_MANUF_ID, 2)) { m_id_len = TLVP_LEN(&tp, NM_ATT_MANUF_ID); - if (m_id_len > MAX_BTS_FEATURES/8 + 1) { + /* log potential BTS feature vector overflow */ + if (m_id_len > sizeof(bts->_features_data)) LOGP(DNM, LOGL_NOTICE, "BTS%u Get Attributes Response: feature vector is truncated to %u bytes\n", bts->nr, MAX_BTS_FEATURES/8); - m_id_len = MAX_BTS_FEATURES/8; - } - if (m_id_len > sizeof(bts->_features_data)) + /* check that max. expected BTS attribute is above given feature vector length */ + if (m_id_len > OSMO_BYTES_FOR_BITS(_NUM_BTS_FEAT)) LOGP(DNM, LOGL_NOTICE, "BTS%u Get Attributes Response: reported unexpectedly long (%u bytes) " "feature vector - most likely it was compiled against newer BSC headers. " "Consider upgrading your BSC to later version.\n", -- To view, visit https://gerrit.osmocom.org/2900 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I06d2498d730624d5da535f6add6fa98d004714ae Gerrit-PatchSet: 3 Gerrit-Project: openbsc Gerrit-Branch: master Gerrit-Owner: Max <msur...@sysmocom.de> Gerrit-Reviewer: Harald Welte <lafo...@gnumonks.org> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: Max <msur...@sysmocom.de> Gerrit-Reviewer: Neels Hofmeyr <nhofm...@sysmocom.de>