Change in osmo-bsc[master]: LCLS: tighten GCR check

Harald Welte Sun, 18 Nov 2018 12:20:01 -0800

Harald Welte has submitted this change and it was merged. ( 
https://gerrit.osmocom.org/11689 )


Change subject: LCLS: tighten GCR check
......................................................................

LCLS: tighten GCR check

Use stricter checks for received Global Call Reference.

Change-Id: I9690e1b2d14e41471413bb35eb22fa6c4c4d67fd
Related: OS#2487
---
M src/osmo-bsc/osmo_bsc_bssap.c
1 file changed, 13 insertions(+), 12 deletions(-)

Approvals:
  Harald Welte: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/src/osmo-bsc/osmo_bsc_bssap.c b/src/osmo-bsc/osmo_bsc_bssap.c
index 6b7a682..f03fb6e 100644
--- a/src/osmo-bsc/osmo_bsc_bssap.c
+++ b/src/osmo-bsc/osmo_bsc_bssap.c
@@ -520,19 +520,20 @@
 static void bssmap_handle_ass_req_lcls(struct gsm_subscriber_connection *conn,
                                        const struct tlv_parsed *tp)
 {
-       const struct tlv_p_entry *tlv;
-       const uint8_t *config, *control;
+       const uint8_t *config, *control, *gcr, gcr_len = TLVP_LEN(tp, 
GSM0808_IE_GLOBAL_CALL_REF);

-       tlv = TLVP_GET(tp, GSM0808_IE_GLOBAL_CALL_REF);
-       if (tlv) {
-               if (tlv->len > sizeof(conn->lcls.global_call_ref))
-                       LOGPFSML(conn->fi, LOGL_ERROR, "Global Call Ref IE of 
%u bytes is too long\n",
-                               tlv->len);
-               else {
-                       LOGPFSM(conn->fi, "Setting GCR to %s\n", 
osmo_hexdump_nospc(tlv->val, tlv->len));
-                       memcpy(&conn->lcls.global_call_ref, tlv->val, tlv->len);
-                       conn->lcls.global_call_ref_len = tlv->len;
-               }
+       if (gcr_len > sizeof(conn->lcls.global_call_ref))
+               LOGPFSML(conn->fi, LOGL_ERROR, "Global Call Ref IE of %u bytes 
is too long\n",
+                        gcr_len);
+       else {
+               gcr = TLVP_VAL_MINLEN(tp, GSM0808_IE_GLOBAL_CALL_REF, 13);
+               if (gcr) {
+                       LOGPFSM(conn->fi, "Setting GCR to %s\n", 
osmo_hexdump_nospc(gcr, gcr_len));
+                       memcpy(&conn->lcls.global_call_ref, gcr, gcr_len);
+                       conn->lcls.global_call_ref_len = gcr_len;
+               } else
+                       LOGPFSML(conn->fi, LOGL_ERROR, "Global Call Ref IE of 
%u bytes is too short\n",
+                                gcr_len);
        }

        config = TLVP_VAL_MINLEN(tp, GSM0808_IE_LCLS_CONFIG, 1);

--
To view, visit https://gerrit.osmocom.org/11689
To unsubscribe, or for help writing mail filters, visit 
https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-bsc
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I9690e1b2d14e41471413bb35eb22fa6c4c4d67fd
Gerrit-Change-Number: 11689
Gerrit-PatchSet: 2
Gerrit-Owner: Max <msur...@sysmocom.de>
Gerrit-Reviewer: Harald Welte <lafo...@gnumonks.org>
Gerrit-Reviewer: Jenkins Builder (1000002)

Change in osmo-bsc[master]: LCLS: tighten GCR check

Reply via email to