falconia has submitted this change. ( https://gerrit.osmocom.org/c/osmo-bts/+/36908?usp=email )

Change subject: rsl: parse RSL_IE_OSMO_OSMUX_CID correctly
......................................................................

rsl: parse RSL_IE_OSMO_OSMUX_CID correctly

This IE has TLV format, even though the only valid form is a single
value octet.  To guard against pathological input with L=0 in this IE,
we have to check the length explicitly with TLVP_PRES_LEN before
accepting TLVP_VAL as if it was TV.

Change-Id: I15fa75b6c30d7fa0bf50424d25fc47a088dada0a
---
M src/common/rsl.c
1 file changed, 19 insertions(+), 2 deletions(-)

Approvals:
  pespin: Looks good to me, approved
  Jenkins Builder: Verified
  laforge: Looks good to me, but someone else must approve




diff --git a/src/common/rsl.c b/src/common/rsl.c
index fa5f495..40690f0 100644
--- a/src/common/rsl.c
+++ b/src/common/rsl.c
@@ -2978,7 +2978,8 @@
        struct tlv_parsed tp;
        struct gsm_lchan *lchan = msg->lchan;
        struct gsm_bts *bts = lchan->ts->trx->bts;
-       const uint8_t *payload_type, *speech_mode, *payload_type2, *osmux_cid, 
*csd_fmt;
+       const uint8_t *payload_type, *speech_mode, *payload_type2, *csd_fmt;
+       const uint8_t *osmux_cid = NULL;
        uint32_t connect_ip = 0;
        uint16_t connect_port = 0;
        int rc, inc_ip_port = 0;
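Review bot: On the new `const uint8_t *osmux_cid = NULL;` line, the initializer is now required for correctness rather than style, because the assignment further down in this patch becomes conditional while `if (osmux_cid)` still reads the pointer; a short comment at the declaration saying so would keep a later cleanup from folding it back into the uninitialized list. The four pointers left on the line above (`payload_type`, `speech_mode`, `payload_type2`, `csd_fmt`) stay uninitialized, which is safe only as long as each is assigned unconditionally before use; if any of them is later given the same length guard, it needs the same `= NULL`.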
@@ -3029,7 +3030,9 @@
        if (payload_type2)
                LOGPC(DRSL, LOGL_DEBUG, "payload_type2=%u ", *payload_type2);

-       osmux_cid = TLVP_VAL(&tp, RSL_IE_OSMO_OSMUX_CID);
+       /* this IE has TLV format when TV would have been good enough */
+       if (TLVP_PRES_LEN(&tp, RSL_IE_OSMO_OSMUX_CID, 1))
+               osmux_cid = TLVP_VAL(&tp, RSL_IE_OSMO_OSMUX_CID);
        if (osmux_cid)
                LOGPC(DRSL, LOGL_DEBUG, "osmux_cid=%u ", *osmux_cid);

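Review bot: At `if (TLVP_PRES_LEN(&tp, RSL_IE_OSMO_OSMUX_CID, 1))`, the third argument is a minimum length, so this guards against L=0 but still accepts L>1 and reads only the first octet, while the commit message says a single value octet is the only valid form. In the lines shown, an IE that is present with a bad length is also treated exactly like an absent one, with no log output. Consider comparing `TLVP_LEN(&tp, RSL_IE_OSMO_OSMUX_CID)` against 1 explicitly and logging or rejecting the malformed case, and extend the code comment to say that L=0 is the input being guarded against, since "TV would have been good enough" does not explain why the check exists.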

--
To view, visit https://gerrit.osmocom.org/c/osmo-bts/+/36908?usp=email
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-bts
Gerrit-Branch: master
Gerrit-Change-Id: I15fa75b6c30d7fa0bf50424d25fc47a088dada0a
Gerrit-Change-Number: 36908
Gerrit-PatchSet: 2
Gerrit-Owner: falconia <fal...@freecalypso.org>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: falconia <fal...@freecalypso.org>
Gerrit-Reviewer: laforge <lafo...@osmocom.org>
Gerrit-Reviewer: pespin <pes...@sysmocom.de>
Gerrit-MessageType: merged
