Harald Welte has submitted this change and it was merged.
Change subject: pcu_sock: Discard messages that are too short
......................................................................
pcu_sock: Discard messages that are too short
The downstream code of pcu_sock.c doesn't contain any length checks,
so let's discard any messages that are shorter than the primitive
length.
Change-Id: I35ac84d4db6d21ea61afbd1864c810bbf601d69b
---
M src/common/pcu_sock.c
1 file changed, 6 insertions(+), 0 deletions(-)
Approvals:
Stefan Sperling: Looks good to me, but someone else must approve
Harald Welte: Looks good to me, approved
Jenkins Builder: Verified
diff --git a/src/common/pcu_sock.c b/src/common/pcu_sock.c
index fa13f24..b810174 100644
--- a/src/common/pcu_sock.c
+++ b/src/common/pcu_sock.c
@@ -749,6 +749,12 @@
goto close;
}
+ if (rc < sizeof(*pcu_prim)) {
+ LOGP(DPCU, LOGL_ERROR, "Received %d bytes on PCU Socket, but
primitive size "
+ "is %lu, discarding\n", rc, sizeof(*pcu_prim));
+ return 0;
+ }
+
rc = pcu_rx(state->net, pcu_prim->msg_type, pcu_prim);
/* as we always synchronously process the message in pcu_rx() and
--
To view, visit https://gerrit.osmocom.org/6995
To unsubscribe, visit https://gerrit.osmocom.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I35ac84d4db6d21ea61afbd1864c810bbf601d69b
Gerrit-PatchSet: 2
Gerrit-Project: osmo-bts
Gerrit-Branch: master
Gerrit-Owner: Harald Welte <lafo...@gnumonks.org>
Gerrit-Reviewer: Harald Welte <lafo...@gnumonks.org>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Stefan Sperling <ssperl...@sysmocom.de>
