pespin has uploaded this change for review. ( 
https://gerrit.osmocom.org/c/osmo-bsc/+/41449?usp=email )


Change subject: sccplite: rx mgcp: Make sure payload string is null-terminated
......................................................................

sccplite: rx mgcp: Make sure payload string is null-terminated

Change-Id: Iac3ea7dd5d89eb9ffb6d5123700e9dc9cdfc2ea2
---
M src/osmo-bsc/osmo_bsc_mgcp.c
1 file changed, 41 insertions(+), 7 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-bsc refs/changes/49/41449/1

diff --git a/src/osmo-bsc/osmo_bsc_mgcp.c b/src/osmo-bsc/osmo_bsc_mgcp.c
index 8eee71f..ec0bbe6 100644
--- a/src/osmo-bsc/osmo_bsc_mgcp.c
+++ b/src/osmo-bsc/osmo_bsc_mgcp.c
@@ -74,8 +74,7 @@
        return 0;
 }

-/* We received an IPA-encapsulated MGCP message from a MSC. msg owned by 
caller. */
-int bsc_sccplite_rx_mgcp(struct bsc_msc_data *msc, struct msgb *msg)
+static int _bsc_sccplite_rx_mgcp(struct bsc_msc_data *msc, struct msgb *msg)
 {
        struct gsm_subscriber_connection *conn;
        char rcv_ep_local_name[1024];
@@ -85,11 +84,14 @@
        struct mgcp_client *mgcp_cli = NULL;
        int rc;

-       LOG_MSC(msc, LOGL_INFO, "Received IPA-encapsulated MGCP: %s\n", 
msg->l2h);
+       LOG_MSC(msc, LOGL_INFO,
+               "Received IPA-encapsulated MGCP: %s\n", (const char 
*)msgb_l2(msg));

-       rc = parse_local_endpoint_name(rcv_ep_local_name, 
sizeof(rcv_ep_local_name), (const char *)msg->l2h);
+       rc = parse_local_endpoint_name(rcv_ep_local_name, 
sizeof(rcv_ep_local_name),
+                                     (const char *)msgb_l2(msg));
        if (rc < 0) {
-               LOG_MSC(msc, LOGL_ERROR, "Received IPA-encapsulated MGCP: 
Failed to parse CIC\n");
+               LOG_MSC(msc, LOGL_ERROR,
+                       "Received IPA-encapsulated MGCP: Failed to parse 
CIC\n");
                return rc;
        }

@@ -104,7 +106,8 @@
                if (!conn->user_plane.mgw_endpoint)
                        continue;
                ep_local_name = 
osmo_mgcpc_ep_local_name(conn->user_plane.mgw_endpoint);
-               LOGPFSMSL(conn->fi, DMSC, LOGL_DEBUG, "ep_local_name='%s' vs 
rcv_ep_local_name='%s'\n",
+               LOGPFSMSL(conn->fi, DMSC, LOGL_DEBUG,
+                         "ep_local_name='%s' vs rcv_ep_local_name='%s'\n",
                          ep_local_name ? : "(null)", rcv_ep_local_name);
                if (!ep_local_name)
                        continue;
@@ -117,7 +120,8 @@
        }

        if (!mgcp_cli) {
-               LOG_MSC(msc, LOGL_ERROR, "Received IPA-encapsulated MGCP: 
Failed to find associated MGW\n");
+               LOG_MSC(msc, LOGL_ERROR,
+                       "Received IPA-encapsulated MGCP: Failed to find 
associated MGW\n");
                return 0;
        }

@@ -147,6 +151,36 @@
        return rc;
 }

+/* We received an IPA-encapsulated MGCP message from MSC. msg owned by caller. 
*/
+int bsc_sccplite_rx_mgcp(struct bsc_msc_data *msc, struct msgb *msg)
+{
+       int rc;
+       struct msgb *msg_resized;
+
+       if (msgb_l2len(msg) == 0) {
+               LOG_MSC(msc, LOGL_NOTICE, "Received empty IPA-encapsulated 
MGCP\n");
+               return -ENODATA;
+       }
+
+       /* Make sure we have a NULL-terminated string to be on the safe side: */
+       if (*((const char *)msgb_l2(msg) + msgb_l2len(msg) - 1) == '\0')
+               return _bsc_sccplite_rx_mgcp(msc, msg);
+
+       /* If there's extra space available in msgb from lower layers, simply 
nullify next char: */
+       if (msgb_tailroom(msg) > 0) {
+               *msg->tail = '\0';
+               return _bsc_sccplite_rx_mgcp(msc, msg);
+       }
+
+       /* Otherwise, craft a resized message: */
+       msg_resized = msgb_copy_resize(msg, msgb_length(msg)+1, "mgcp-resized");
+       OSMO_ASSERT(msgb_tailroom(msg) == 1);
+       *msg->tail = '\0';
+       rc = _bsc_sccplite_rx_mgcp(msc, msg_resized);
+       msgb_free(msg_resized);
+       return rc;
+}
+
 /* we received some data on the UDP proxy socket from the MGW. Pass it to MSC 
via IPA */
 int bsc_sccplite_mgcp_proxy_cb(struct osmo_fd *ofd, unsigned int what)
 {
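Review bot: In the fallback path of the new `bsc_sccplite_rx_mgcp()`, the assert and the terminator write that follow `msgb_copy_resize()` are applied to `msg` rather than to the copy `msg_resized`. That branch is reached only when `msgb_tailroom(msg)` is 0, so `OSMO_ASSERT(msgb_tailroom(msg) == 1)` cannot hold there: an unterminated MGCP payload from the MSC that exactly fills the msgb would abort the process, and without the assert the write would land one byte past the buffer. Both lines should use the copy, `OSMO_ASSERT(msgb_tailroom(msg_resized) >= 1);` and `*msg_resized->tail = '\0';`. The return value of `msgb_copy_resize()` is also used unchecked, so a guard such as `if (!msg_resized) return -ENOMEM;` ahead of them would cover allocation failure. Whether the copy really ends up with a spare tail byte depends on how `msgb_copy_resize()` accounts for headroom, which is not visible in this hunk and is worth confirming.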

--
To view, visit https://gerrit.osmocom.org/c/osmo-bsc/+/41449?usp=email

Gerrit-MessageType: newchange
Gerrit-Project: osmo-bsc
Gerrit-Branch: master
Gerrit-Change-Id: Iac3ea7dd5d89eb9ffb6d5123700e9dc9cdfc2ea2
Gerrit-Change-Number: 41449
Gerrit-PatchSet: 1
Gerrit-Owner: pespin <[email protected]>
