osmocom-bb[master]: host/mobile: use osmocom_ms as talloc context
Patch Set 5: Well, I was managed to avoid adding 'ms' as an argument. Let's merge it for now, while dynamic allocation of the ms->* would be implemented in a separate commit. -- To view, visit https://gerrit.osmocom.org/2668 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I0d5fcbdd77fe41d78cfe54731dd2ebfc4171f62c Gerrit-PatchSet: 5 Gerrit-Project: osmocom-bb Gerrit-Branch: master Gerrit-Owner: Vadim YanitskiyGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: Vadim Yanitskiy Gerrit-HasComments: No
[PATCH] osmocom-bb[master]: host/mobile: use osmocom_ms as talloc context
Hello Harald Welte, Jenkins Builder, I'd like you to reexamine a change. Please visit https://gerrit.osmocom.org/2668 to look at the new patch set (#5). host/mobile: use osmocom_ms as talloc context As we use talloc, it's absurdly not to use the main feature of the library - hierarchical memory management. This change sets talloc context of all sub-allocated objects to related osmocom_ms instance. So, as soon as osmocom_ms instance is destroyed, all sub-allocated chunks are getting destroyed too. Change-Id: I0d5fcbdd77fe41d78cfe54731dd2ebfc4171f62c --- M src/host/layer23/include/osmocom/bb/mobile/mncc_sock.h M src/host/layer23/src/common/sim.c M src/host/layer23/src/mobile/app_mobile.c M src/host/layer23/src/mobile/gsm322.c M src/host/layer23/src/mobile/gsm48_cc.c M src/host/layer23/src/mobile/mncc_sock.c M src/host/layer23/src/mobile/mnccms.c M src/host/layer23/src/mobile/subscriber.c M src/host/layer23/src/mobile/transaction.c M src/host/layer23/src/mobile/vty_interface.c 10 files changed, 23 insertions(+), 35 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmocom-bb refs/changes/68/2668/5 diff --git a/src/host/layer23/include/osmocom/bb/mobile/mncc_sock.h b/src/host/layer23/include/osmocom/bb/mobile/mncc_sock.h index b38c5bc..9116ea3 100644 --- a/src/host/layer23/include/osmocom/bb/mobile/mncc_sock.h +++ b/src/host/layer23/include/osmocom/bb/mobile/mncc_sock.h @@ -10,7 +10,7 @@ int mncc_sock_from_cc(struct mncc_sock_state *state, struct msgb *msg); void mncc_sock_write_pending(struct mncc_sock_state *state); -struct mncc_sock_state *mncc_sock_init(void *inst, const char *name, void *tall_ctx); +struct mncc_sock_state *mncc_sock_init(void *inst, const char *name); void mncc_sock_exit(struct mncc_sock_state *state); #endif /* _MNCC_SOCK_H */ diff --git a/src/host/layer23/src/common/sim.c b/src/host/layer23/src/common/sim.c index 9aad966..c2d6033 100644 --- a/src/host/layer23/src/common/sim.c +++ b/src/host/layer23/src/common/sim.c @@ -29,7 +29,6 @@ #include #include -extern void *l23_ctx; static int sim_process_job(struct osmocom_ms *ms); /* @@ -1181,7 +1180,7 @@ struct gsm_sim_handler *handler; /* create handler and attach */ - handler = talloc_zero(l23_ctx, struct gsm_sim_handler); + handler = talloc_zero(ms, struct gsm_sim_handler); if (!handler) return 0; handler->handle = new_handle++; diff --git a/src/host/layer23/src/mobile/app_mobile.c b/src/host/layer23/src/mobile/app_mobile.c index 9dbae7c..bd786b5 100644 --- a/src/host/layer23/src/mobile/app_mobile.c +++ b/src/host/layer23/src/mobile/app_mobile.c @@ -273,7 +273,7 @@ mncc_name = talloc_asprintf(ms, "/tmp/ms_mncc_%s", ms->name); ms->mncc_entity.mncc_recv = mncc_recv_app; - ms->mncc_entity.sock_state = mncc_sock_init(ms, mncc_name, l23_ctx); + ms->mncc_entity.sock_state = mncc_sock_init(ms, mncc_name); talloc_free(mncc_name); } else if (ms->settings.ch_cap == GSM_CAP_SDCCH) diff --git a/src/host/layer23/src/mobile/gsm322.c b/src/host/layer23/src/mobile/gsm322.c index 9fda91e..81e8c3f 100644 --- a/src/host/layer23/src/mobile/gsm322.c +++ b/src/host/layer23/src/mobile/gsm322.c @@ -45,8 +45,6 @@ const char *ba_version = "osmocom BA V1\n"; -extern void *l23_ctx; - static void gsm322_cs_timeout(void *arg); static int gsm322_cs_select(struct osmocom_ms *ms, int index, uint16_t mcc, uint16_t mnc, int any); @@ -562,7 +560,7 @@ LOGP(DPLMN, LOGL_INFO, "Add to list of forbidden LAs " "(mcc=%s, mnc=%s, lac=%04x)\n", gsm_print_mcc(mcc), gsm_print_mnc(mnc), lac); - la = talloc_zero(l23_ctx, struct gsm322_la_list); + la = talloc_zero(ms, struct gsm322_la_list); if (!la) return -ENOMEM; la->mcc = mcc; @@ -907,7 +905,7 @@ if (cs->list[i].rxlev > found->rxlev) found->rxlev = cs->list[i].rxlev; } else { - temp = talloc_zero(l23_ctx, struct gsm322_plmn_list); + temp = talloc_zero(ms, struct gsm322_plmn_list); if (!temp) return -ENOMEM; temp->mcc = cs->list[i].sysinfo->mcc; @@ -2155,7 +2153,7 @@ cs->arfcn = cs->sel_arfcn; cs->arfci = arfcn2index(cs->arfcn); if (!cs->list[cs->arfci].sysinfo) - cs->list[cs->arfci].sysinfo = talloc_zero(l23_ctx, + cs->list[cs->arfci].sysinfo = talloc_zero(ms, struct gsm48_sysinfo); if (!cs->list[cs->arfci].sysinfo) exit(-ENOMEM); @@ -2262,7 +2260,7 @@ memset(cs->list[cs->arfci].sysinfo, 0, sizeof(struct gsm48_sysinfo));
Build failure of network:osmocom:nightly/osmo-mgw in Debian_9.0/aarch64
Visit https://build.opensuse.org/package/live_build_log/network:osmocom:nightly/osmo-mgw/Debian_9.0/aarch64 Package network:osmocom:nightly/osmo-mgw failed to build in Debian_9.0/aarch64 Check out the package for editing: osc checkout network:osmocom:nightly osmo-mgw Last lines of build log: [ 24s] [58/70] preinstalling libuuid1... [ 24s] [59/70] preinstalling user-setup... [ 24s] [60/70] preinstalling login... [ 24s] [61/70] preinstalling base-files... [ 25s] [62/70] preinstalling libblkid1... [ 25s] [63/70] preinstalling libmount1... [ 25s] [64/70] preinstalling bash... [ 26s] [65/70] preinstalling mount... [ 26s] [66/70] preinstalling util-linux... [ 27s] [67/70] preinstalling sysvinit-utils... [ 27s] [68/70] preinstalling e2fsprogs... [ 27s] [69/70] preinstalling sysv-rc... [ 27s] [70/70] preinstalling initscripts... [ 27s] [ 29s] [1/1] preinstalling libdevmapper1.02.1... [ 30s] copying packages... [ 49s] reordering...cycle: libc6 -> libgcc1 [ 49s] breaking dependency libgcc1 -> libc6 [ 49s] cycle: debhelper -> dh-autoreconf [ 49s] breaking dependency debhelper -> dh-autoreconf [ 49s] cycle: dh-strip-nondeterminism -> debhelper [ 49s] breaking dependency debhelper -> dh-strip-nondeterminism [ 49s] done [ 50s] objdump: /boot/Image: File format not recognized [ 51s] booting kvm... [ 51s] ### VM INTERACTION START ### [ 51s] /var/run/obs/worker/32/build/build-vm-kvm: fork: Cannot allocate memory [ 51s] /var/run/obs/worker/32/build/build: fork: Cannot allocate memory [ 51s] /var/run/obs/worker/32/build/build-vm: fork: Cannot allocate memory -- Configure notifications at https://build.opensuse.org/user/notifications openSUSE Build Service (https://build.opensuse.org/)
osmo-pcu[master]: PCU: display TA information in TBF stats
Patch Set 1: (1 comment) https://gerrit.osmocom.org/#/c/4679/1/src/pcu_vty_functions.cpp File src/pcu_vty_functions.cpp: Line 49:tbf->ta(), ta() seems to return uint8_t, so %u would be more appropriate. -- To view, visit https://gerrit.osmocom.org/4679 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I26886224c2ad6d5a29e92203635b8bf7459730a2 Gerrit-PatchSet: 1 Gerrit-Project: osmo-pcu Gerrit-Branch: master Gerrit-Owner: Minh-Quang NguyenGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-HasComments: Yes
osmo-mgw[master]: mgcp-client vty: use name 'mgw' instead of 'mgcpgw'
Patch Set 2: Code-Review+2 (1 comment) https://gerrit.osmocom.org/#/c/4597/1/src/libosmo-mgcp-client/mgcp_client_vty.c File src/libosmo-mgcp-client/mgcp_client_vty.c: Line 1: /* MGCP client interface to quagga VTY */ it is to libosmocore vty. the fact that this code was originally inherited from quagga (and modified significantly ever since) is of no relevance to the reader here, and probably just serves confusion. -- To view, visit https://gerrit.osmocom.org/4597 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I1d43d42929dc9162e57640499526fb7cadbcfbe6 Gerrit-PatchSet: 2 Gerrit-Project: osmo-mgw Gerrit-Branch: master Gerrit-Owner: Neels HofmeyrGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-HasComments: Yes
osmo-ci[master]: jenkins: Follow the convention and create a jenkins.sh as well
Patch Set 3: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/3676 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I0ecdc02e3271fe09980f370167277370c599fcfa Gerrit-PatchSet: 3 Gerrit-Project: osmo-ci Gerrit-Branch: master Gerrit-Owner: Holger FreytherGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Neels Hofmeyr Gerrit-HasComments: No
[MERGED] osmocom-bb[master]: mobile: get rid of unused variables / functions
Harald Welte has submitted this change and it was merged. Change subject: mobile: get rid of unused variables / functions .. mobile: get rid of unused variables / functions Change-Id: Id867ffed9b2b67025320d002e1e009e19c759a23 --- M src/host/layer23/src/mobile/gsm411_sms.c M src/host/layer23/src/mobile/gsm48_mm.c M src/host/layer23/src/mobile/gsm48_rr.c 3 files changed, 19 insertions(+), 28 deletions(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/src/host/layer23/src/mobile/gsm411_sms.c b/src/host/layer23/src/mobile/gsm411_sms.c index f56262e..22db859 100644 --- a/src/host/layer23/src/mobile/gsm411_sms.c +++ b/src/host/layer23/src/mobile/gsm411_sms.c @@ -226,7 +226,7 @@ uint8_t *smsp = msgb_sms(msg); struct gsm_sms *gsms; unsigned int sms_alphabet; - uint8_t sms_mti, sms_mms; + uint8_t sms_mti; uint8_t oa_len_bytes; uint8_t address_lv[12]; /* according to 03.40 / 9.1.2.5 */ int rc = 0; @@ -235,7 +235,7 @@ /* invert those fields where 0 means active/present */ sms_mti = *smsp & 0x03; - sms_mms = !!(*smsp & 0x04); + /* uint8_t sms_mms = !!(*smsp & 0x04); */ gsms->status_rep_req = (*smsp & 0x20); gsms->ud_hdr_ind = (*smsp & 0x40); gsms->reply_path_req = (*smsp & 0x80); diff --git a/src/host/layer23/src/mobile/gsm48_mm.c b/src/host/layer23/src/mobile/gsm48_mm.c index 360f9b3..4b1db1e 100644 --- a/src/host/layer23/src/mobile/gsm48_mm.c +++ b/src/host/layer23/src/mobile/gsm48_mm.c @@ -3244,7 +3244,6 @@ struct gsm48_mmlayer *mm = >mmlayer; struct gsm48_mm_conn *conn, *conn_found = NULL; struct msgb *nmsg; - struct gsm48_mmxx_hdr *nmmh; /* the first and only pending connection is the recent requested */ llist_for_each_entry(conn, >mm_conn, list) { @@ -3293,7 +3292,7 @@ } if (!nmsg) return -ENOMEM; - nmmh = (struct gsm48_mmxx_hdr *)nmsg->data; + gsm48_mmxx_upmsg(ms, nmsg); return 0; @@ -3325,7 +3324,6 @@ struct gsm48_mmlayer *mm = >mmlayer; struct gsm48_mm_conn *conn; struct msgb *nmsg; - struct gsm48_mmxx_hdr *nmmh; /* stop MM connection timer */ stop_mm_t3230(mm); @@ -3342,7 +3340,7 @@ } if (!nmsg) continue; /* skip if not of CC type */ - nmmh = (struct gsm48_mmxx_hdr *)nmsg->data; + /* copy L3 message */ nmsg->l3h = msgb_put(nmsg, msgb_l3len(msg)); memcpy(nmsg->l3h, msg->l3h, msgb_l3len(msg)); @@ -3595,15 +3593,12 @@ llist_for_each_entry(conn, >mm_conn, list) { if (conn->sapi == sapi && conn->state == GSM48_MMXX_ST_DEDICATED) { - struct gsm48_mmxx_hdr *nmmh; struct msgb *nmsg; - nmsg = gsm48_mmxx_msgb_alloc( GSM48_MMSMS_EST_CNF, conn->ref, conn->transaction_id, conn->sapi); if (!nmsg) return -ENOMEM; - nmmh = (struct gsm48_mmxx_hdr *)nmsg->data; gsm48_mmxx_upmsg(ms, nmsg); } } diff --git a/src/host/layer23/src/mobile/gsm48_rr.c b/src/host/layer23/src/mobile/gsm48_rr.c index b821457..ac27214 100644 --- a/src/host/layer23/src/mobile/gsm48_rr.c +++ b/src/host/layer23/src/mobile/gsm48_rr.c @@ -743,11 +743,6 @@ LOGP(DRR, LOGL_INFO, "timer T3122 has fired\n"); } -static void timeout_rr_t3124(void *arg) -{ - LOGP(DRR, LOGL_INFO, "timer T3124 has fired\n"); -} - static void timeout_rr_t3126(void *arg) { struct gsm48_rrlayer *rr = arg; @@ -810,15 +805,6 @@ rr->t3122.cb = timeout_rr_t3122; rr->t3122.data = rr; osmo_timer_schedule(>t3122, sec, micro); -} - -static void start_rr_t3124(struct gsm48_rrlayer *rr, int sec, int micro) -{ - LOGP(DRR, LOGL_INFO, "starting T3124 with %d.%03d seconds\n", sec, - micro / 1000); - rr->t3124.cb = timeout_rr_t3124; - rr->t3124.data = rr; - osmo_timer_schedule(>t3124, sec, micro); } static void start_rr_t3126(struct gsm48_rrlayer *rr, int sec, int micro) @@ -2735,7 +2721,7 @@ uint8_t serv_rxlev_full = 0, serv_rxlev_sub = 0, serv_rxqual_full = 0, serv_rxqual_sub = 0; uint8_t ta, tx_power; - uint8_t rep_ba = 0, rep_valid = 0, meas_valid = 0, multi_rep = 0; + uint8_t rep_ba = 0, rep_valid = 0, meas_valid = 0; uint8_t n = 0, rxlev_nc[6], bsic_nc[6], bcch_f_nc[6]; /* just in case! */ @@ -2770,12 +2756,13 @@ uint8_t
[MERGED] osmocom-bb[master]: mobile/vty_interface.c: fix incompatible pointer type warning
Harald Welte has submitted this change and it was merged. Change subject: mobile/vty_interface.c: fix incompatible pointer type warning .. mobile/vty_interface.c: fix incompatible pointer type warning According to the vty_app_info struct definition, the go_parent_cb() should return an integer, but not enum. So, this change fixes the following compiler warning: > warning: initialization from incompatible pointer type > .go_parent_cb = ms_vty_go_parent, Change-Id: Ib55e43eaaebdd9fe0d74a030b1057ae82804a77e --- M src/host/layer23/include/osmocom/bb/mobile/vty.h M src/host/layer23/src/mobile/vty_interface.c 2 files changed, 2 insertions(+), 2 deletions(-) Approvals: Max: Looks good to me, but someone else must approve Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/src/host/layer23/include/osmocom/bb/mobile/vty.h b/src/host/layer23/include/osmocom/bb/mobile/vty.h index 1f1341b..3bec113 100644 --- a/src/host/layer23/include/osmocom/bb/mobile/vty.h +++ b/src/host/layer23/include/osmocom/bb/mobile/vty.h @@ -12,7 +12,7 @@ SUPPORT_NODE, }; -enum node_type ms_vty_go_parent(struct vty *vty); +int ms_vty_go_parent(struct vty *vty); int ms_vty_init(void); extern void vty_notify(struct osmocom_ms *ms, const char *fmt, ...) __attribute__ ((format (printf, 2, 3))); diff --git a/src/host/layer23/src/mobile/vty_interface.c b/src/host/layer23/src/mobile/vty_interface.c index b3777dc..0f27194 100644 --- a/src/host/layer23/src/mobile/vty_interface.c +++ b/src/host/layer23/src/mobile/vty_interface.c @@ -2757,7 +2757,7 @@ return CMD_SUCCESS; } -enum node_type ms_vty_go_parent(struct vty *vty) +int ms_vty_go_parent(struct vty *vty) { switch (vty->node) { case MS_NODE: -- To view, visit https://gerrit.osmocom.org/4640 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ib55e43eaaebdd9fe0d74a030b1057ae82804a77e Gerrit-PatchSet: 2 Gerrit-Project: osmocom-bb Gerrit-Branch: master Gerrit-Owner: Vadim YanitskiyGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: Max
osmocom-bb[master]: mobile/gsm480_ss.c: use secure gsm_7bit_(en|de)code_n_ussd
Patch Set 2: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/4641 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: If8a1983592f5800e3981f29962eb333ac9473f40 Gerrit-PatchSet: 2 Gerrit-Project: osmocom-bb Gerrit-Branch: master Gerrit-Owner: Vadim YanitskiyGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: Max Gerrit-HasComments: No
[MERGED] osmocom-bb[master]: mobile/gsm480_ss.c: use secure gsm_7bit_(en|de)code_n_ussd
Harald Welte has submitted this change and it was merged. Change subject: mobile/gsm480_ss.c: use secure gsm_7bit_(en|de)code_n_ussd .. mobile/gsm480_ss.c: use secure gsm_7bit_(en|de)code_n_ussd Since some 'gsm_7bit_*' functions were deprecated and replaced by more secure ones with the '_n_' suffix in names, it's better to use the updated functions. Change-Id: If8a1983592f5800e3981f29962eb333ac9473f40 --- M src/host/layer23/src/mobile/gsm480_ss.c 1 file changed, 2 insertions(+), 6 deletions(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/src/host/layer23/src/mobile/gsm480_ss.c b/src/host/layer23/src/mobile/gsm480_ss.c index 8d025e9..ff90faa 100644 --- a/src/host/layer23/src/mobile/gsm480_ss.c +++ b/src/host/layer23/src/mobile/gsm480_ss.c @@ -532,7 +532,7 @@ } /* Encode service request */ - length = gsm_7bit_encode(msg->data, text); + gsm_7bit_encode_n_ussd(msg->data, msgb_tailroom(msg), text, ); msgb_put(msg, length); /* Then wrap it as an Octet String */ @@ -772,11 +772,7 @@ return -EINVAL; } num_chars = tag_len * 8 / 7; - /* Prevent a mobile-originated buffer-overrun! */ - if (num_chars > sizeof(text) - 1) - num_chars = sizeof(text) - 1; - text[sizeof(text) - 1] = '\0'; - gsm_7bit_decode(text, tag_data, num_chars); + gsm_7bit_decode_n_ussd(text, sizeof(text), tag_data, num_chars); for (i = 0; text[i]; i++) { if (text[i] == '\r') -- To view, visit https://gerrit.osmocom.org/4641 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: If8a1983592f5800e3981f29962eb333ac9473f40 Gerrit-PatchSet: 2 Gerrit-Project: osmocom-bb Gerrit-Branch: master Gerrit-Owner: Vadim YanitskiyGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: Max
[MERGED] osmocom-bb[master]: mobile/gsm411_sms.c: use secure gsm_7bit_(en|de)code_n
Harald Welte has submitted this change and it was merged. Change subject: mobile/gsm411_sms.c: use secure gsm_7bit_(en|de)code_n .. mobile/gsm411_sms.c: use secure gsm_7bit_(en|de)code_n Since some 'gsm_7bit_*' functions were deprecated and replaced by more secure ones with the '_n_' postfix in names, it's better to use the updated functions. Change-Id: I58150e9b74699e5f54b9a83416ad8efcb2eccd8e --- M src/host/layer23/src/mobile/gsm411_sms.c 1 file changed, 4 insertions(+), 2 deletions(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/src/host/layer23/src/mobile/gsm411_sms.c b/src/host/layer23/src/mobile/gsm411_sms.c index 655fe53..f56262e 100644 --- a/src/host/layer23/src/mobile/gsm411_sms.c +++ b/src/host/layer23/src/mobile/gsm411_sms.c @@ -113,7 +113,8 @@ sms->data_coding_scheme = dcs; strncpy(sms->address, receiver, sizeof(sms->address)-1); /* Generate user_data */ - sms->user_data_len = gsm_7bit_encode(sms->user_data, sms->text); + sms->user_data_len = gsm_7bit_encode_n(sms->user_data, + sizeof(sms->user_data), sms->text, NULL); return sms; } @@ -282,7 +283,8 @@ switch (sms_alphabet) { case DCS_7BIT_DEFAULT: - gsm_7bit_decode(gsms->text, smsp, gsms->user_data_len); + gsm_7bit_decode_n(gsms->text, sizeof(gsms->text), + smsp, gsms->user_data_len); break; case DCS_8BIT_DATA: case DCS_UCS2: -- To view, visit https://gerrit.osmocom.org/4643 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I58150e9b74699e5f54b9a83416ad8efcb2eccd8e Gerrit-PatchSet: 2 Gerrit-Project: osmocom-bb Gerrit-Branch: master Gerrit-Owner: Vadim YanitskiyGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder
[MERGED] osmocom-bb[master]: mobile/gsm48_mm.c: use secure gsm_7bit_decode_n
Harald Welte has submitted this change and it was merged. Change subject: mobile/gsm48_mm.c: use secure gsm_7bit_decode_n .. mobile/gsm48_mm.c: use secure gsm_7bit_decode_n Since some 'gsm_7bit_*' functions were deprecated and replaced by more secure ones with the '_n_' postfix in names, it's better to use the updated functions. Change-Id: I4499b592a0dfea71462aed19fe641419d79b3cbd --- M src/host/layer23/src/mobile/gsm48_mm.c 1 file changed, 1 insertion(+), 4 deletions(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/src/host/layer23/src/mobile/gsm48_mm.c b/src/host/layer23/src/mobile/gsm48_mm.c index 100129b..360f9b3 100644 --- a/src/host/layer23/src/mobile/gsm48_mm.c +++ b/src/host/layer23/src/mobile/gsm48_mm.c @@ -264,10 +264,7 @@ length = ((in_len - 1) * 8 - padding) / 7; if (length <= 0) return 0; - if (length >= name_len) - length = name_len - 1; - gsm_7bit_decode(name, lv + 2, length); - name[length] = '\0'; + gsm_7bit_decode_n(name, name_len, lv + 2, length); return length; } -- To view, visit https://gerrit.osmocom.org/4642 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I4499b592a0dfea71462aed19fe641419d79b3cbd Gerrit-PatchSet: 2 Gerrit-Project: osmocom-bb Gerrit-Branch: master Gerrit-Owner: Vadim YanitskiyGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder
[MERGED] osmo-bts[master]: trx: Don't assume phy_instance_by_num() returns non-NULL
Harald Welte has submitted this change and it was merged. Change subject: trx: Don't assume phy_instance_by_num() returns non-NULL .. trx: Don't assume phy_instance_by_num() returns non-NULL In trx_clk_read_cb(), when calling phy_instance_by_num(), that function might in error cases return a NULL phy-instance. Let's put an OSMO_ASSERT() there as safeguard to avoid NULL dereference when dereferencing pinst->trx->bts. Fixes: Coverity CID#178657 Change-Id: If6b6b45380368e9ee9e03ca1eb7ac56c21e72b03 --- M src/osmo-bts-trx/trx_if.c 1 file changed, 2 insertions(+), 0 deletions(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/src/osmo-bts-trx/trx_if.c b/src/osmo-bts-trx/trx_if.c index 1332854..7030e3c 100644 --- a/src/osmo-bts-trx/trx_if.c +++ b/src/osmo-bts-trx/trx_if.c @@ -103,6 +103,8 @@ int len; uint32_t fn; + OSMO_ASSERT(pinst); + len = recv(ofd->fd, buf, sizeof(buf) - 1, 0); if (len <= 0) return len; -- To view, visit https://gerrit.osmocom.org/4687 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: If6b6b45380368e9ee9e03ca1eb7ac56c21e72b03 Gerrit-PatchSet: 1 Gerrit-Project: osmo-bts Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder
osmo-ggsn[master]: tun: Don't copy 16byte IPv6 address to 'struct in_addr'
Patch Set 1: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/4692 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: If0b626d688841d6e0a3867834f4cb1b70084050e Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-HasComments: No
[MERGED] osmo-ggsn[master]: tun: Don't copy 16byte IPv6 address to 'struct in_addr'
Harald Welte has submitted this change and it was merged. Change subject: tun: Don't copy 16byte IPv6 address to 'struct in_addr' .. tun: Don't copy 16byte IPv6 address to 'struct in_addr' The 'struct tun' curently only has an in_addr (v4-only) member to store the address of the tun device, so let's not attempt to store an IPv6 address in it. FIXME: This entire code needs an overhaul. The assumption that there's only one address, and only either v6 or v4 is broken to begin with. Change-Id: If0b626d688841d6e0a3867834f4cb1b70084050e Fixes: Coverity CID#174278 --- M lib/tun.c 1 file changed, 0 insertions(+), 1 deletion(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/lib/tun.c b/lib/tun.c index 6bcc13b..3c293a2 100644 --- a/lib/tun.c +++ b/lib/tun.c @@ -396,7 +396,6 @@ #if defined(__linux__) if (addr) { - memcpy(>addr, addr, sizeof(*addr)); memcpy(_addr, addr, sizeof(*addr)); if (ioctl(fd, SIOCSIFADDR, (void *) ) < 0) { if (errno != EEXIST) { -- To view, visit https://gerrit.osmocom.org/4692 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: If0b626d688841d6e0a3867834f4cb1b70084050e Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder
osmo-ggsn[master]: ippool: Correctly compute size of static pool
Patch Set 1: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/4693 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I174102051bef95f7df34b7d7c480a00ae408be7d Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-HasComments: No
[MERGED] osmo-bts[master]: l1sap: fix wrong return value of is_fill_frame()
Harald Welte has submitted this change and it was merged. Change subject: l1sap: fix wrong return value of is_fill_frame() .. l1sap: fix wrong return value of is_fill_frame() When determining if a frame is a fill frame or not, the case statement only conditionally handled AGCH and PCH cases. In case a non-fill-frame was observed, the return value was uninitialized, resulting in some non-fill-frames to be missed from GMSTAP Change-Id: I7b46c720e34cb8ef9a91ae5da28a050439a1937d Closes: Coverity CID#174175 --- M src/common/l1sap.c 1 file changed, 2 insertions(+), 2 deletions(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/src/common/l1sap.c b/src/common/l1sap.c index 763b355..ebcfd2f 100644 --- a/src/common/l1sap.c +++ b/src/common/l1sap.c @@ -335,9 +335,9 @@ if (!memcmp(data, paging_fill, GSM_MACBLOCK_LEN)) return true; break; - default: - return false; + /* don't use 'default' case here as the above only conditionally return true */ } + return false; } static int to_gsmtap(struct gsm_bts_trx *trx, struct osmo_phsap_prim *l1sap) -- To view, visit https://gerrit.osmocom.org/4694 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I7b46c720e34cb8ef9a91ae5da28a050439a1937d Gerrit-PatchSet: 1 Gerrit-Project: osmo-bts Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder
[MERGED] osmo-bts[master]: trx: Better be safe than sorry before calling strlen
Harald Welte has submitted this change and it was merged. Change subject: trx: Better be safe than sorry before calling strlen .. trx: Better be safe than sorry before calling strlen There's a lot of pointer arithmetic in trx_ctrl_read_cb which is not so nice. While I believe the current code is safe, Coverity raises "CID 178665: Insecure data handling (INTEGER_OVERFLOW)" regardin the use of rsp_len in the strcmp(). Let's put some OSMO_ASSERT() in front and hope that makes Coverity happy. Change-Id: I5a9b3307f83cdde7c8e9f66932446604f5623b05 --- M src/osmo-bts-trx/trx_if.c 1 file changed, 2 insertions(+), 0 deletions(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/src/osmo-bts-trx/trx_if.c b/src/osmo-bts-trx/trx_if.c index a41cf2c..5d8f6c4 100644 --- a/src/osmo-bts-trx/trx_if.c +++ b/src/osmo-bts-trx/trx_if.c @@ -391,6 +391,8 @@ "message '%s'\n", buf, tcm->cmd); goto rsp_error; } + OSMO_ASSERT(strlen(buf+4) >= rsp_len); + OSMO_ASSERT(strlen(tcm->cmd+4) >= rsp_len); if (!!strncmp(buf + 4, tcm->cmd + 4, rsp_len)) goto notmatch; -- To view, visit https://gerrit.osmocom.org/4684 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I5a9b3307f83cdde7c8e9f66932446604f5623b05 Gerrit-PatchSet: 1 Gerrit-Project: osmo-bts Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder
[MERGED] osmo-bts[master]: trx: Don't call osmo_fr_check_sid with negative 'rc'
Harald Welte has submitted this change and it was merged. Change subject: trx: Don't call osmo_fr_check_sid with negative 'rc' .. trx: Don't call osmo_fr_check_sid with negative 'rc' In rx_tchf_fn(), if gsm0503_tch_fr_decode() returns a negative result, we cannot use that result as length argument to osmo_fr_check_sid() Change-Id: Ic4080b5bf6c865bef923f19a2340e1e272c8 Fixes: Coverity CID#178659 --- M src/osmo-bts-trx/scheduler_trx.c 1 file changed, 2 insertions(+), 1 deletion(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/src/osmo-bts-trx/scheduler_trx.c b/src/osmo-bts-trx/scheduler_trx.c index 967e3db..c849dd5 100644 --- a/src/osmo-bts-trx/scheduler_trx.c +++ b/src/osmo-bts-trx/scheduler_trx.c @@ -1055,7 +1055,8 @@ : tch_mode) { case GSM48_CMODE_SPEECH_V1: /* FR */ rc = gsm0503_tch_fr_decode(tch_data, *bursts_p, 1, 0, _errors, _bits_total); - lchan_set_marker(osmo_fr_check_sid(tch_data, rc), lchan); /* DTXu */ + if (rc >= 0) + lchan_set_marker(osmo_fr_check_sid(tch_data, rc), lchan); /* DTXu */ break; case GSM48_CMODE_SPEECH_EFR: /* EFR */ rc = gsm0503_tch_fr_decode(tch_data, *bursts_p, 1, 1, _errors, _bits_total); -- To view, visit https://gerrit.osmocom.org/4686 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ic4080b5bf6c865bef923f19a2340e1e272c8 Gerrit-PatchSet: 1 Gerrit-Project: osmo-bts Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder
[MERGED] osmo-ggsn[master]: ippool: Correctly compute size of static pool
Harald Welte has submitted this change and it was merged. Change subject: ippool: Correctly compute size of static pool .. ippool: Correctly compute size of static pool * we have to use stataddr, not addr (dynamic) * we have to multiply the length of the address by 8 to get its bit length * we can simplify the -1 +1 logic (like dynamic) Change-Id: I174102051bef95f7df34b7d7c480a00ae408be7d Fixes: Coverity CID#174189 --- M lib/ippool.c 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/lib/ippool.c b/lib/ippool.c index 55a41d0..a9a64be 100644 --- a/lib/ippool.c +++ b/lib/ippool.c @@ -240,7 +240,7 @@ stataddr = stat->addr; stataddrprefixlen = stat->prefixlen; - statsize = (1 << (addr.len - stataddrprefixlen + 1)) -1; + statsize = (1 << (stataddr.len*8 - stataddrprefixlen)); if (statsize > IPPOOL_STATSIZE) statsize = IPPOOL_STATSIZE; } -- To view, visit https://gerrit.osmocom.org/4693 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I174102051bef95f7df34b7d7c480a00ae408be7d Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder
[MERGED] osmo-ggsn[master]: gtp: Explicit OSMO_ASSERT to ensure pdp variable is set
Harald Welte has submitted this change and it was merged. Change subject: gtp: Explicit OSMO_ASSERT to ensure pdp variable is set .. gtp: Explicit OSMO_ASSERT to ensure pdp variable is set Change-Id: I09e37e25fd118ac0a54ab788304d3f5083463050 Fixes: Coverity CID#174335 --- M gtp/gtp.c 1 file changed, 6 insertions(+), 0 deletions(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/gtp/gtp.c b/gtp/gtp.c index c798192..b36e0c6 100644 --- a/gtp/gtp.c +++ b/gtp/gtp.c @@ -2635,6 +2635,12 @@ GTP_LOGPKG(LOGL_ERROR, peer, pack, len, "Received Error Indication\n"); + /* This is obvious from above code, given the semantics of the +* functions above, but Coverity doesn't figure this out, so +* let's make it clear. It's good style anyway in case above +* code should ever change. */ + OSMO_ASSERT(pdp); + if (gsn->cb_delete_context) gsn->cb_delete_context(pdp); pdp_freepdp(pdp); -- To view, visit https://gerrit.osmocom.org/4691 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I09e37e25fd118ac0a54ab788304d3f5083463050 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder
osmo-ggsn[master]: sgsnemu: Free strings in error path
Patch Set 1: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/4689 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: If59cc8d6d151c123f46c1d029091209fd82b3c8e Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-HasComments: No
[MERGED] osmo-ggsn[master]: sgsnemu: Free strings in error path
Harald Welte has submitted this change and it was merged. Change subject: sgsnemu: Free strings in error path .. sgsnemu: Free strings in error path In create_pdp_conf(), we have to free() any strings both in the success and in the error case. Change-Id: If59cc8d6d151c123f46c1d029091209fd82b3c8e Fixes: Coverity CID#187636, CID#187633 --- M sgsnemu/sgsnemu.c 1 file changed, 2 insertions(+), 2 deletions(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/sgsnemu/sgsnemu.c b/sgsnemu/sgsnemu.c index 0b0fba6..c31f875 100644 --- a/sgsnemu/sgsnemu.c +++ b/sgsnemu/sgsnemu.c @@ -1459,9 +1459,9 @@ "router advertisements; SLAAC will not suceed, please " "fix your setup!\n"); } - free(accept_ra); - free(forwarding); } + free(accept_ra); + free(forwarding); } ipset((struct iphash_t *)pdp->peer, ); -- To view, visit https://gerrit.osmocom.org/4689 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: If59cc8d6d151c123f46c1d029091209fd82b3c8e Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder
[MERGED] osmo-ggsn[master]: sgsnemu: Make sure buffer has space for terminating-NUL
Harald Welte has submitted this change and it was merged. Change subject: sgsnemu: Make sure buffer has space for terminating-NUL .. sgsnemu: Make sure buffer has space for terminating-NUL In proc_ipv6_conf_read() we allocatea buffer on the stack but forgot the terminating NUL byte. Change-Id: I54126d8bc08c137859f2de4b47ef23fc0714fdd7 Fixes: Coverity CID#178641 --- M sgsnemu/sgsnemu.c 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/sgsnemu/sgsnemu.c b/sgsnemu/sgsnemu.c index c7ca494..0b0fba6 100644 --- a/sgsnemu/sgsnemu.c +++ b/sgsnemu/sgsnemu.c @@ -985,7 +985,7 @@ static char *proc_ipv6_conf_read(const char *dev, const char *file) { const char *fmt = "/proc/sys/net/ipv6/conf/%s/%s"; - char path[strlen(fmt) + strlen(dev) + strlen(file)]; + char path[strlen(fmt) + strlen(dev) + strlen(file)+1]; snprintf(path, sizeof(path), fmt, dev, file); return proc_read(path); } -- To view, visit https://gerrit.osmocom.org/4688 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I54126d8bc08c137859f2de4b47ef23fc0714fdd7 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder
[MERGED] osmo-ggsn[master]: gtp: Fix buffer overflow in imsi_gtp2str()
Harald Welte has submitted this change and it was merged. Change subject: gtp: Fix buffer overflow in imsi_gtp2str() .. gtp: Fix buffer overflow in imsi_gtp2str() The string buffer allocated for the IMSI must be sized for a length twice the number of input bytes (each byte has two nibbles) plus 1 byte for NUL. We missed the "twice" part :/ Change-Id: I1ecaa811815ae522af71feabc5d0c1ea8b4edde9 Fixes: Coverity CID#174336 --- M gtp/gtp.c 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/gtp/gtp.c b/gtp/gtp.c index 3051aaa..c798192 100644 --- a/gtp/gtp.c +++ b/gtp/gtp.c @@ -3301,7 +3301,7 @@ * _network byte order_ to contain BCD digits ?!? */ const char *imsi_gtp2str(const uint64_t *imsi) { - static char buf[sizeof(*imsi)+1]; + static char buf[sizeof(*imsi)*2+1]; const uint8_t *imsi8 = (const uint8_t *) imsi; unsigned int i, j = 0; -- To view, visit https://gerrit.osmocom.org/4690 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I1ecaa811815ae522af71feabc5d0c1ea8b4edde9 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder
osmo-ggsn[master]: gtp: Fix buffer overflow in imsi_gtp2str()
Patch Set 1: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/4690 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I1ecaa811815ae522af71feabc5d0c1ea8b4edde9 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-HasComments: No
osmo-bts[master]: trx: Don't call osmo_fr_check_sid with negative 'rc'
Patch Set 1: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/4686 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ic4080b5bf6c865bef923f19a2340e1e272c8 Gerrit-PatchSet: 1 Gerrit-Project: osmo-bts Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-HasComments: No
osmo-bts[master]: trx: Don't assume phy_instance_by_num() returns non-NULL
Patch Set 1: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/4687 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: If6b6b45380368e9ee9e03ca1eb7ac56c21e72b03 Gerrit-PatchSet: 1 Gerrit-Project: osmo-bts Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-HasComments: No
osmo-ggsn[master]: sgsnemu: Make sure buffer has space for terminating-NUL
Patch Set 1: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/4688 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I54126d8bc08c137859f2de4b47ef23fc0714fdd7 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-HasComments: No
osmo-bts[master]: l1sap: fix wrong return value of is_fill_frame()
Patch Set 1: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/4694 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I7b46c720e34cb8ef9a91ae5da28a050439a1937d Gerrit-PatchSet: 1 Gerrit-Project: osmo-bts Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-HasComments: No
osmo-ggsn[master]: gtp: Explicit OSMO_ASSERT to ensure pdp variable is set
Patch Set 1: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/4691 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I09e37e25fd118ac0a54ab788304d3f5083463050 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-HasComments: No
osmo-bts[master]: trx: Better be safe than sorry before calling strlen
Patch Set 1: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/4684 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I5a9b3307f83cdde7c8e9f66932446604f5623b05 Gerrit-PatchSet: 1 Gerrit-Project: osmo-bts Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-HasComments: No
osmo-bts[master]: trx: Avoid NULL+1 dereference in trx_ctrl_read_cb()
Patch Set 1: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/4685 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I40a49c3feb3b55ef577eebd7d567afdbcfe0d624 Gerrit-PatchSet: 1 Gerrit-Project: osmo-bts Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-HasComments: No
[PATCH] osmo-sip-connector[master]: mncc.c: Ensure proper string buffer NUL termination
Review at https://gerrit.osmocom.org/4697 mncc.c: Ensure proper string buffer NUL termination Change-Id: I2f58a495f60ed744c1f625dc8df56aa4dc0aa4cb Fixes: Coverity CID#92223 --- M src/mncc.c 1 file changed, 2 insertions(+), 2 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-sip-connector refs/changes/97/4697/1 diff --git a/src/mncc.c b/src/mncc.c index 669a80c..45c062f 100644 --- a/src/mncc.c +++ b/src/mncc.c @@ -738,7 +738,7 @@ mncc.fields |= MNCC_F_CALLING; mncc.calling.plan = 1; mncc.calling.type = 0x0; - strncpy(mncc.calling.number, call->source, sizeof(mncc.calling.number)); + osmo_strlcpy(mncc.calling.number, call->source, sizeof(mncc.calling.number)); if (conn->app->use_imsi_as_id) { snprintf(mncc.imsi, 15, "%s", call->dest); @@ -746,7 +746,7 @@ mncc.fields |= MNCC_F_CALLED; mncc.called.plan = 1; mncc.called.type = 0x0; - strncpy(mncc.called.number, call->dest, sizeof(mncc.called.number)); + osmo_strlcpy(mncc.called.number, call->dest, sizeof(mncc.called.number)); } /* -- To view, visit https://gerrit.osmocom.org/4697 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I2f58a495f60ed744c1f625dc8df56aa4dc0aa4cb Gerrit-PatchSet: 1 Gerrit-Project: osmo-sip-connector Gerrit-Branch: master Gerrit-Owner: Harald Welte
[PATCH] osmo-trx[master]: SocketsTest: Fix printing of non-nul-terminated string
Review at https://gerrit.osmocom.org/4696 SocketsTest: Fix printing of non-nul-terminated string Change-Id: I33d0ddf851d84b81ab5252e3755422170cee54ee Fixes: Coverity CID#149363 --- M CommonLibs/SocketsTest.cpp 1 file changed, 2 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-trx refs/changes/96/4696/1 diff --git a/CommonLibs/SocketsTest.cpp b/CommonLibs/SocketsTest.cpp index c2849e0..3198a5e 100644 --- a/CommonLibs/SocketsTest.cpp +++ b/CommonLibs/SocketsTest.cpp @@ -61,7 +61,8 @@ readSocket.nonblocking(); int rc = 0; while (rc0) { COUT("read: " << buf); -- To view, visit https://gerrit.osmocom.org/4696 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I33d0ddf851d84b81ab5252e3755422170cee54ee Gerrit-PatchSet: 1 Gerrit-Project: osmo-trx Gerrit-Branch: master Gerrit-Owner: Harald Welte
[PATCH] osmo-hlr[master]: hlr.c: Avoid overflow of lu_operation.subscr.imsi
Review at https://gerrit.osmocom.org/4695 hlr.c: Avoid overflow of lu_operation.subscr.imsi It appears that hlr_subscriber.imsi is 16 buffers in size: 15 chars for IMSI + 1 byte NUL. However, osmo_gsup_message.imsi is 17 bytes (for whatever reason), so we cannot simply do a strpy() as this might overflow the hlr_subscriber.imsi field! TODO: check if weactually ever receive a too-long IMSI in GSUP and reject that at an earlier time in the code flow. Fixes: Coverity CID#164746 Change-Id: I9ff94e6bb0ad2ad2a7c010d3ea7dad9af0f3c048 --- M src/hlr.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-hlr refs/changes/95/4695/1 diff --git a/src/hlr.c b/src/hlr.c index 6310526..78a7055 100644 --- a/src/hlr.c +++ b/src/hlr.c @@ -164,7 +164,7 @@ /* check if subscriber is known at all */ if (!lu_op_fill_subscr(luop, g_hlr->dbc, gsup->imsi)) { /* Send Error back: Subscriber Unknown in HLR */ - strcpy(luop->subscr.imsi, gsup->imsi); + osmo_strlcpy(luop->subscr.imsi, gsup->imsi, sizeof(luop->subscr.imsi)); lu_op_tx_error(luop, GMM_CAUSE_IMSI_UNKNOWN); return 0; } -- To view, visit https://gerrit.osmocom.org/4695 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I9ff94e6bb0ad2ad2a7c010d3ea7dad9af0f3c048 Gerrit-PatchSet: 1 Gerrit-Project: osmo-hlr Gerrit-Branch: master Gerrit-Owner: Harald Welte
[PATCH] osmo-bts[master]: l1sap: fix wrong return value of is_fill_frame()
Review at https://gerrit.osmocom.org/4694 l1sap: fix wrong return value of is_fill_frame() When determining if a frame is a fill frame or not, the case statement only conditionally handled AGCH and PCH cases. In case a non-fill-frame was observed, the return value was uninitialized, resulting in some non-fill-frames to be missed from GMSTAP Change-Id: I7b46c720e34cb8ef9a91ae5da28a050439a1937d Closes: Coverity CID#174175 --- M src/common/l1sap.c 1 file changed, 2 insertions(+), 2 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-bts refs/changes/94/4694/1 diff --git a/src/common/l1sap.c b/src/common/l1sap.c index 763b355..ebcfd2f 100644 --- a/src/common/l1sap.c +++ b/src/common/l1sap.c @@ -335,9 +335,9 @@ if (!memcmp(data, paging_fill, GSM_MACBLOCK_LEN)) return true; break; - default: - return false; + /* don't use 'default' case here as the above only conditionally return true */ } + return false; } static int to_gsmtap(struct gsm_bts_trx *trx, struct osmo_phsap_prim *l1sap) -- To view, visit https://gerrit.osmocom.org/4694 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7b46c720e34cb8ef9a91ae5da28a050439a1937d Gerrit-PatchSet: 1 Gerrit-Project: osmo-bts Gerrit-Branch: master Gerrit-Owner: Harald Welte
[PATCH] osmo-ggsn[master]: ippool: Correctly compute size of static pool
Review at https://gerrit.osmocom.org/4693 ippool: Correctly compute size of static pool * we have to use stataddr, not addr (dynamic) * we have to multiply the length of the address by 8 to get its bit length * we can simplify the -1 +1 logic (like dynamic) Change-Id: I174102051bef95f7df34b7d7c480a00ae408be7d Fixes: Coverity CID#174189 --- M lib/ippool.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/93/4693/1 diff --git a/lib/ippool.c b/lib/ippool.c index 55a41d0..a9a64be 100644 --- a/lib/ippool.c +++ b/lib/ippool.c @@ -240,7 +240,7 @@ stataddr = stat->addr; stataddrprefixlen = stat->prefixlen; - statsize = (1 << (addr.len - stataddrprefixlen + 1)) -1; + statsize = (1 << (stataddr.len*8 - stataddrprefixlen)); if (statsize > IPPOOL_STATSIZE) statsize = IPPOOL_STATSIZE; } -- To view, visit https://gerrit.osmocom.org/4693 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I174102051bef95f7df34b7d7c480a00ae408be7d Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald Welte
[PATCH] osmo-ggsn[master]: tun: Don't copy 16byte IPv6 address to 'struct in_addr'
Review at https://gerrit.osmocom.org/4692 tun: Don't copy 16byte IPv6 address to 'struct in_addr' The 'struct tun' curently only has an in_addr (v4-only) member to store the address of the tun device, so let's not attempt to store an IPv6 address in it. FIXME: This entire code needs an overhaul. The assumption that there's only one address, and only either v6 or v4 is broken to begin with. Change-Id: If0b626d688841d6e0a3867834f4cb1b70084050e Fixes: Coverity CID#174278 --- M lib/tun.c 1 file changed, 0 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/92/4692/1 diff --git a/lib/tun.c b/lib/tun.c index 6bcc13b..3c293a2 100644 --- a/lib/tun.c +++ b/lib/tun.c @@ -396,7 +396,6 @@ #if defined(__linux__) if (addr) { - memcpy(>addr, addr, sizeof(*addr)); memcpy(_addr, addr, sizeof(*addr)); if (ioctl(fd, SIOCSIFADDR, (void *) ) < 0) { if (errno != EEXIST) { -- To view, visit https://gerrit.osmocom.org/4692 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If0b626d688841d6e0a3867834f4cb1b70084050e Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald Welte
[PATCH] osmo-ggsn[master]: gtp: Fix buffer overflow in imsi_gtp2str()
Review at https://gerrit.osmocom.org/4690 gtp: Fix buffer overflow in imsi_gtp2str() The string buffer allocated for the IMSI must be sized for a length twice the number of input bytes (each byte has two nibbles) plus 1 byte for NUL. We missed the "twice" part :/ Change-Id: I1ecaa811815ae522af71feabc5d0c1ea8b4edde9 Fixes: Coverity CID#174336 --- M gtp/gtp.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/90/4690/1 diff --git a/gtp/gtp.c b/gtp/gtp.c index 3051aaa..c798192 100644 --- a/gtp/gtp.c +++ b/gtp/gtp.c @@ -3301,7 +3301,7 @@ * _network byte order_ to contain BCD digits ?!? */ const char *imsi_gtp2str(const uint64_t *imsi) { - static char buf[sizeof(*imsi)+1]; + static char buf[sizeof(*imsi)*2+1]; const uint8_t *imsi8 = (const uint8_t *) imsi; unsigned int i, j = 0; -- To view, visit https://gerrit.osmocom.org/4690 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I1ecaa811815ae522af71feabc5d0c1ea8b4edde9 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald Welte
[PATCH] osmo-ggsn[master]: sgsnemu: Make sure buffer has space for terminating-NUL
Review at https://gerrit.osmocom.org/4688 sgsnemu: Make sure buffer has space for terminating-NUL In proc_ipv6_conf_read() we allocatea buffer on the stack but forgot the terminating NUL byte. Change-Id: I54126d8bc08c137859f2de4b47ef23fc0714fdd7 Fixes: Coverity CID#178641 --- M sgsnemu/sgsnemu.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/88/4688/1 diff --git a/sgsnemu/sgsnemu.c b/sgsnemu/sgsnemu.c index c7ca494..0b0fba6 100644 --- a/sgsnemu/sgsnemu.c +++ b/sgsnemu/sgsnemu.c @@ -985,7 +985,7 @@ static char *proc_ipv6_conf_read(const char *dev, const char *file) { const char *fmt = "/proc/sys/net/ipv6/conf/%s/%s"; - char path[strlen(fmt) + strlen(dev) + strlen(file)]; + char path[strlen(fmt) + strlen(dev) + strlen(file)+1]; snprintf(path, sizeof(path), fmt, dev, file); return proc_read(path); } -- To view, visit https://gerrit.osmocom.org/4688 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I54126d8bc08c137859f2de4b47ef23fc0714fdd7 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald Welte
[PATCH] osmo-ggsn[master]: sgsnemu: Free strings in error path
Review at https://gerrit.osmocom.org/4689 sgsnemu: Free strings in error path In create_pdp_conf(), we have to free() any strings both in the success and in the error case. Change-Id: If59cc8d6d151c123f46c1d029091209fd82b3c8e Fixes: Coverity CID#187636, CID#187633 --- M sgsnemu/sgsnemu.c 1 file changed, 2 insertions(+), 2 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/89/4689/1 diff --git a/sgsnemu/sgsnemu.c b/sgsnemu/sgsnemu.c index 0b0fba6..c31f875 100644 --- a/sgsnemu/sgsnemu.c +++ b/sgsnemu/sgsnemu.c @@ -1459,9 +1459,9 @@ "router advertisements; SLAAC will not suceed, please " "fix your setup!\n"); } - free(accept_ra); - free(forwarding); } + free(accept_ra); + free(forwarding); } ipset((struct iphash_t *)pdp->peer, ); -- To view, visit https://gerrit.osmocom.org/4689 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If59cc8d6d151c123f46c1d029091209fd82b3c8e Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald Welte
[PATCH] osmo-ggsn[master]: gtp: Explicit OSMO_ASSERT to ensure pdp variable is set
Review at https://gerrit.osmocom.org/4691 gtp: Explicit OSMO_ASSERT to ensure pdp variable is set Change-Id: I09e37e25fd118ac0a54ab788304d3f5083463050 Fixes: Coverity CID#174335 --- M gtp/gtp.c 1 file changed, 6 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/91/4691/1 diff --git a/gtp/gtp.c b/gtp/gtp.c index c798192..b36e0c6 100644 --- a/gtp/gtp.c +++ b/gtp/gtp.c @@ -2635,6 +2635,12 @@ GTP_LOGPKG(LOGL_ERROR, peer, pack, len, "Received Error Indication\n"); + /* This is obvious from above code, given the semantics of the +* functions above, but Coverity doesn't figure this out, so +* let's make it clear. It's good style anyway in case above +* code should ever change. */ + OSMO_ASSERT(pdp); + if (gsn->cb_delete_context) gsn->cb_delete_context(pdp); pdp_freepdp(pdp); -- To view, visit https://gerrit.osmocom.org/4691 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I09e37e25fd118ac0a54ab788304d3f5083463050 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald Welte
[MERGED] osmo-ggsn[master]: sgsnemu: Fix format string in printing tun-device name
Harald Welte has submitted this change and it was merged. Change subject: sgsnemu: Fix format string in printing tun-device name .. sgsnemu: Fix format string in printing tun-device name Change-Id: Ie05050a78a135a1a76473337a341fd723bbe4976 Fixes: Coverity CID#178654 --- M sgsnemu/sgsnemu.c 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/sgsnemu/sgsnemu.c b/sgsnemu/sgsnemu.c index b2927df..c7ca494 100644 --- a/sgsnemu/sgsnemu.c +++ b/sgsnemu/sgsnemu.c @@ -349,7 +349,7 @@ printf("timelimit: %d\n", args_info.timelimit_arg); printf("createif: %d\n", args_info.createif_flag); if (args_info.tun_device_arg) - printf("tun-device: %d\n", args_info.tun_device_arg); + printf("tun-device: %s\n", args_info.tun_device_arg); if (args_info.ipup_arg) printf("ipup: %s\n", args_info.ipup_arg); if (args_info.ipdown_arg) -- To view, visit https://gerrit.osmocom.org/4683 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie05050a78a135a1a76473337a341fd723bbe4976 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder
osmo-ggsn[master]: sgsnemu: Fix format string in printing tun-device name
Patch Set 1: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/4683 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ie05050a78a135a1a76473337a341fd723bbe4976 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-HasComments: No
[MERGED] osmo-ggsn[master]: sgsnemu: Don't leak FILE handle in proc_read()
Harald Welte has submitted this change and it was merged. Change subject: sgsnemu: Don't leak FILE handle in proc_read() .. sgsnemu: Don't leak FILE handle in proc_read() Change-Id: Ie22e6a9bc172427e867e7a4001b6c710477a232b Fixes: Coverity CID#178660 --- M ggsn/gtp-kernel.c M sgsnemu/sgsnemu.c 2 files changed, 10 insertions(+), 35 deletions(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/ggsn/gtp-kernel.c b/ggsn/gtp-kernel.c index f98586d..916b92f 100644 --- a/ggsn/gtp-kernel.c +++ b/ggsn/gtp-kernel.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include #include @@ -36,37 +37,15 @@ static void pdp_debug(struct pdp_t *pdp) { - int i; - uint64_t teid; + struct in46_addr ia46; + struct in_addr ia; - if (!debug) - return; + in46a_from_eua(>eua, ); + gsna2in_addr(, >gsnrc); - printf("version %u\n", pdp->version); - if (pdp->version == 0) { - teid = pdp_gettid(pdp->imsi, pdp->nsapi); - printf("flowid %u\n", pdp->flru); - } else { - teid = pdp->teid_gn; /* GTPIE_TEI_DI */ - } - - printf("teid %llx\n", teid); - printf("address (%u)\n", pdp->eua.l); - - /* Byte 0: 0xf1 == IETF */ - /* Byte 1: 0x21 == IPv4 */ - /* Byte 2-6: IPv4 address */ - - for (i = 0; i < 6; i++) - printf("%x ", pdp->eua.v[i] & 0xff); /* GTPIE_EUA */ - - printf("\n"); - printf("sgsn-addr (%u)\n", pdp->gsnrc.l); - - for (i = 0; i < 4; i++) - printf("%x ", pdp->gsnrc.v[i] & 0xff); /* GTPIE_GSN_ADDR */ - - printf("\n"); + LOGPDPX(DGGSN, LOGL_DEBUG, pdp, "v%u TEID %"PRIu64"x EUA=%s SGSN=%s\n", pdp->version, + pdp->version == 0 ? pdp_gettid(pdp->imsi, pdp->nsapi) : pdp->teid_gn, + in46a_ntoa(), inet_ntoa(ia)); } static struct { @@ -101,11 +80,8 @@ "cannot lookup GTP genetlink ID\n"); return -1; } - if (debug) { - SYS_ERR(DGGSN, LOGL_NOTICE, 0, - "Using the GTP kernel mode (genl ID is %d)\n", - gtp_nl.genl_id); - } + SYS_ERR(DGGSN, LOGL_DEBUG, 0, + "Using the GTP kernel mode (genl ID is %d)\n", gtp_nl.genl_id); DEBUGP(DGGSN, "Setting route to reach %s via %s\n", net_arg, GTP_DEVNAME); diff --git a/sgsnemu/sgsnemu.c b/sgsnemu/sgsnemu.c index 23cf208..b2927df 100644 --- a/sgsnemu/sgsnemu.c +++ b/sgsnemu/sgsnemu.c @@ -974,7 +974,6 @@ ret = NULL; goto out; } - return ret; out: fclose(f); -- To view, visit https://gerrit.osmocom.org/4682 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie22e6a9bc172427e867e7a4001b6c710477a232b Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder
osmo-ggsn[master]: sgsnemu: Don't leak FILE handle in proc_read()
Patch Set 1: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/4682 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ie22e6a9bc172427e867e7a4001b6c710477a232b Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder Gerrit-HasComments: No
[PATCH] osmo-bts[master]: trx: Avoid NULL+1 dereference in trx_ctrl_read_cb()
Review at https://gerrit.osmocom.org/4685 trx: Avoid NULL+1 dereference in trx_ctrl_read_cb() We unconditionally pass "p+1" into sscanf() despite not knowing if 'p' is NULL or not. Change-Id: I40a49c3feb3b55ef577eebd7d567afdbcfe0d624 Fixes: Coverity CID#178661 --- M src/osmo-bts-trx/trx_if.c 1 file changed, 3 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-bts refs/changes/85/4685/1 diff --git a/src/osmo-bts-trx/trx_if.c b/src/osmo-bts-trx/trx_if.c index 5d8f6c4..1332854 100644 --- a/src/osmo-bts-trx/trx_if.c +++ b/src/osmo-bts-trx/trx_if.c @@ -397,7 +397,9 @@ goto notmatch; /* check for response code */ - sscanf(p + 1, "%d", ); + resp = 0; + if (p) + sscanf(p + 1, "%d", ); if (resp) { LOGP(DTRX, (tcm->critical) ? LOGL_FATAL : LOGL_NOTICE, "transceiver (%s) rejected TRX command " -- To view, visit https://gerrit.osmocom.org/4685 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I40a49c3feb3b55ef577eebd7d567afdbcfe0d624 Gerrit-PatchSet: 1 Gerrit-Project: osmo-bts Gerrit-Branch: master Gerrit-Owner: Harald Welte
[PATCH] osmo-bts[master]: trx: Don't call osmo_fr_check_sid with negative 'rc'
Review at https://gerrit.osmocom.org/4686 trx: Don't call osmo_fr_check_sid with negative 'rc' In rx_tchf_fn(), if gsm0503_tch_fr_decode() returns a negative result, we cannot use that result as length argument to osmo_fr_check_sid() Change-Id: Ic4080b5bf6c865bef923f19a2340e1e272c8 Fixes: Coverity CID#178659 --- M src/osmo-bts-trx/scheduler_trx.c 1 file changed, 2 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-bts refs/changes/86/4686/1 diff --git a/src/osmo-bts-trx/scheduler_trx.c b/src/osmo-bts-trx/scheduler_trx.c index 967e3db..c849dd5 100644 --- a/src/osmo-bts-trx/scheduler_trx.c +++ b/src/osmo-bts-trx/scheduler_trx.c @@ -1055,7 +1055,8 @@ : tch_mode) { case GSM48_CMODE_SPEECH_V1: /* FR */ rc = gsm0503_tch_fr_decode(tch_data, *bursts_p, 1, 0, _errors, _bits_total); - lchan_set_marker(osmo_fr_check_sid(tch_data, rc), lchan); /* DTXu */ + if (rc >= 0) + lchan_set_marker(osmo_fr_check_sid(tch_data, rc), lchan); /* DTXu */ break; case GSM48_CMODE_SPEECH_EFR: /* EFR */ rc = gsm0503_tch_fr_decode(tch_data, *bursts_p, 1, 1, _errors, _bits_total); -- To view, visit https://gerrit.osmocom.org/4686 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ic4080b5bf6c865bef923f19a2340e1e272c8 Gerrit-PatchSet: 1 Gerrit-Project: osmo-bts Gerrit-Branch: master Gerrit-Owner: Harald Welte
[PATCH] osmo-bts[master]: trx: Don't assume phy_instance_by_num() returns non-NULL
Review at https://gerrit.osmocom.org/4687 trx: Don't assume phy_instance_by_num() returns non-NULL In trx_clk_read_cb(), when calling phy_instance_by_num(), that function might in error cases return a NULL phy-instance. Let's put an OSMO_ASSERT() there as safeguard to avoid NULL dereference when dereferencing pinst->trx->bts. Fixes: Coverity CID#178657 Change-Id: If6b6b45380368e9ee9e03ca1eb7ac56c21e72b03 --- M src/osmo-bts-trx/trx_if.c 1 file changed, 2 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-bts refs/changes/87/4687/1 diff --git a/src/osmo-bts-trx/trx_if.c b/src/osmo-bts-trx/trx_if.c index 1332854..7030e3c 100644 --- a/src/osmo-bts-trx/trx_if.c +++ b/src/osmo-bts-trx/trx_if.c @@ -103,6 +103,8 @@ int len; uint32_t fn; + OSMO_ASSERT(pinst); + len = recv(ofd->fd, buf, sizeof(buf) - 1, 0); if (len <= 0) return len; -- To view, visit https://gerrit.osmocom.org/4687 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If6b6b45380368e9ee9e03ca1eb7ac56c21e72b03 Gerrit-PatchSet: 1 Gerrit-Project: osmo-bts Gerrit-Branch: master Gerrit-Owner: Harald Welte
[PATCH] osmo-ggsn[master]: sgsnemu: Don't leak FILE handle in proc_read()
Review at https://gerrit.osmocom.org/4682 sgsnemu: Don't leak FILE handle in proc_read() Change-Id: Ie22e6a9bc172427e867e7a4001b6c710477a232b Fixes: Coverity CID#178660 --- M ggsn/gtp-kernel.c M sgsnemu/sgsnemu.c 2 files changed, 10 insertions(+), 35 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/82/4682/1 diff --git a/ggsn/gtp-kernel.c b/ggsn/gtp-kernel.c index f98586d..916b92f 100644 --- a/ggsn/gtp-kernel.c +++ b/ggsn/gtp-kernel.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include #include @@ -36,37 +37,15 @@ static void pdp_debug(struct pdp_t *pdp) { - int i; - uint64_t teid; + struct in46_addr ia46; + struct in_addr ia; - if (!debug) - return; + in46a_from_eua(>eua, ); + gsna2in_addr(, >gsnrc); - printf("version %u\n", pdp->version); - if (pdp->version == 0) { - teid = pdp_gettid(pdp->imsi, pdp->nsapi); - printf("flowid %u\n", pdp->flru); - } else { - teid = pdp->teid_gn; /* GTPIE_TEI_DI */ - } - - printf("teid %llx\n", teid); - printf("address (%u)\n", pdp->eua.l); - - /* Byte 0: 0xf1 == IETF */ - /* Byte 1: 0x21 == IPv4 */ - /* Byte 2-6: IPv4 address */ - - for (i = 0; i < 6; i++) - printf("%x ", pdp->eua.v[i] & 0xff); /* GTPIE_EUA */ - - printf("\n"); - printf("sgsn-addr (%u)\n", pdp->gsnrc.l); - - for (i = 0; i < 4; i++) - printf("%x ", pdp->gsnrc.v[i] & 0xff); /* GTPIE_GSN_ADDR */ - - printf("\n"); + LOGPDPX(DGGSN, LOGL_DEBUG, pdp, "v%u TEID %"PRIu64"x EUA=%s SGSN=%s\n", pdp->version, + pdp->version == 0 ? pdp_gettid(pdp->imsi, pdp->nsapi) : pdp->teid_gn, + in46a_ntoa(), inet_ntoa(ia)); } static struct { @@ -101,11 +80,8 @@ "cannot lookup GTP genetlink ID\n"); return -1; } - if (debug) { - SYS_ERR(DGGSN, LOGL_NOTICE, 0, - "Using the GTP kernel mode (genl ID is %d)\n", - gtp_nl.genl_id); - } + SYS_ERR(DGGSN, LOGL_DEBUG, 0, + "Using the GTP kernel mode (genl ID is %d)\n", gtp_nl.genl_id); DEBUGP(DGGSN, "Setting route to reach %s via %s\n", net_arg, GTP_DEVNAME); diff --git a/sgsnemu/sgsnemu.c b/sgsnemu/sgsnemu.c index 23cf208..b2927df 100644 --- a/sgsnemu/sgsnemu.c +++ b/sgsnemu/sgsnemu.c @@ -974,7 +974,6 @@ ret = NULL; goto out; } - return ret; out: fclose(f); -- To view, visit https://gerrit.osmocom.org/4682 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie22e6a9bc172427e867e7a4001b6c710477a232b Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald Welte
[PATCH] osmo-ggsn[master]: sgsnemu: Fix format string in printing tun-device name
Review at https://gerrit.osmocom.org/4683 sgsnemu: Fix format string in printing tun-device name Change-Id: Ie05050a78a135a1a76473337a341fd723bbe4976 Fixes: Coverity CID#178654 --- M sgsnemu/sgsnemu.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/83/4683/1 diff --git a/sgsnemu/sgsnemu.c b/sgsnemu/sgsnemu.c index b2927df..c7ca494 100644 --- a/sgsnemu/sgsnemu.c +++ b/sgsnemu/sgsnemu.c @@ -349,7 +349,7 @@ printf("timelimit: %d\n", args_info.timelimit_arg); printf("createif: %d\n", args_info.createif_flag); if (args_info.tun_device_arg) - printf("tun-device: %d\n", args_info.tun_device_arg); + printf("tun-device: %s\n", args_info.tun_device_arg); if (args_info.ipup_arg) printf("ipup: %s\n", args_info.ipup_arg); if (args_info.ipdown_arg) -- To view, visit https://gerrit.osmocom.org/4683 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie05050a78a135a1a76473337a341fd723bbe4976 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald Welte
[PATCH] osmocom-bb[master]: mobile/gsm322.c: replace memset() by simple for-loop
Hello Jenkins Builder, I'd like you to reexamine a change. Please visit https://gerrit.osmocom.org/4645 to look at the new patch set (#2). mobile/gsm322.c: replace memset() by simple for-loop This change prevents a possible buffer overrun in case of incorrect min / max values are passed and the compiler warning about possibility of calling memset() with constant zero length parameter. Change-Id: I2d8d78474614939659a7f24d5007b1c890776b1a --- M src/host/layer23/src/mobile/gsm322.c 1 file changed, 4 insertions(+), 2 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmocom-bb refs/changes/45/4645/2 diff --git a/src/host/layer23/src/mobile/gsm322.c b/src/host/layer23/src/mobile/gsm322.c index ad6a83b..9fda91e 100644 --- a/src/host/layer23/src/mobile/gsm322.c +++ b/src/host/layer23/src/mobile/gsm322.c @@ -313,6 +313,7 @@ static char *bargraph(int value, int min, int max) { static char bar[128]; + int i; /* shift value to the range of min..max */ if (value < min) @@ -322,8 +323,9 @@ else value -= min; - memset(bar, '=', value); - bar[value] = '\0'; + for (i = 0; i < value && i < sizeof(bar) - 1; i++) + bar[i] = '='; + bar[i] = '\0'; return bar; } -- To view, visit https://gerrit.osmocom.org/4645 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newpatchset Gerrit-Change-Id: I2d8d78474614939659a7f24d5007b1c890776b1a Gerrit-PatchSet: 2 Gerrit-Project: osmocom-bb Gerrit-Branch: master Gerrit-Owner: Vadim YanitskiyGerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: Max Gerrit-Reviewer: Vadim Yanitskiy
[PATCH] osmocom-bb[master]: mobile/gsm480_ss.c: use secure gsm_7bit_(en|de)code_n_ussd
Hello Max, Jenkins Builder, I'd like you to reexamine a change. Please visit https://gerrit.osmocom.org/4641 to look at the new patch set (#2). mobile/gsm480_ss.c: use secure gsm_7bit_(en|de)code_n_ussd Since some 'gsm_7bit_*' functions were deprecated and replaced by more secure ones with the '_n_' suffix in names, it's better to use the updated functions. Change-Id: If8a1983592f5800e3981f29962eb333ac9473f40 --- M src/host/layer23/src/mobile/gsm480_ss.c 1 file changed, 2 insertions(+), 6 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmocom-bb refs/changes/41/4641/2 diff --git a/src/host/layer23/src/mobile/gsm480_ss.c b/src/host/layer23/src/mobile/gsm480_ss.c index 8d025e9..ff90faa 100644 --- a/src/host/layer23/src/mobile/gsm480_ss.c +++ b/src/host/layer23/src/mobile/gsm480_ss.c @@ -532,7 +532,7 @@ } /* Encode service request */ - length = gsm_7bit_encode(msg->data, text); + gsm_7bit_encode_n_ussd(msg->data, msgb_tailroom(msg), text, ); msgb_put(msg, length); /* Then wrap it as an Octet String */ @@ -772,11 +772,7 @@ return -EINVAL; } num_chars = tag_len * 8 / 7; - /* Prevent a mobile-originated buffer-overrun! */ - if (num_chars > sizeof(text) - 1) - num_chars = sizeof(text) - 1; - text[sizeof(text) - 1] = '\0'; - gsm_7bit_decode(text, tag_data, num_chars); + gsm_7bit_decode_n_ussd(text, sizeof(text), tag_data, num_chars); for (i = 0; text[i]; i++) { if (text[i] == '\r') -- To view, visit https://gerrit.osmocom.org/4641 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newpatchset Gerrit-Change-Id: If8a1983592f5800e3981f29962eb333ac9473f40 Gerrit-PatchSet: 2 Gerrit-Project: osmocom-bb Gerrit-Branch: master Gerrit-Owner: Vadim YanitskiyGerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: Max
osmocom-bb[master]: mobile/gsm322.c: prevent calling memset with n <= 0
Patch Set 1: > (1 comment) > > If I interpret the code correctly it's impossible for 'value' to be > negative at this point. So it's just to get rid of compile warning? > If so than you could, perhaps, use size_t instead of int for > 'value' type: that's what memset expects anyway. Thank you, Max! I think it would be better to replace memset by a simple for-loop. This will also prevent possible buffer overruns in case of incorrect values are passed. -- To view, visit https://gerrit.osmocom.org/4645 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I2d8d78474614939659a7f24d5007b1c890776b1a Gerrit-PatchSet: 1 Gerrit-Project: osmocom-bb Gerrit-Branch: master Gerrit-Owner: Vadim YanitskiyGerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: Max Gerrit-Reviewer: Vadim Yanitskiy Gerrit-HasComments: No
osmo-ci[master]: coverity: Don't use PARALLEL_MAKE for libsmpp34
Patch Set 1: Code-Review+2 Verified+1 -- To view, visit https://gerrit.osmocom.org/4681 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Id78f80cf0878a0807cd06a24fa5c9561c7b84b36 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ci Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte Gerrit-HasComments: No
[MERGED] osmo-ci[master]: gerrit jenkins jobs: Remove comment-added-event
Harald Welte has submitted this change and it was merged. Change subject: gerrit jenkins jobs: Remove comment-added-event .. gerrit jenkins jobs: Remove comment-added-event This trigger is responsible for triggering another build once the first build is complete and sets a +V Change-Id: I235e0211a01da0eb74d8e6a9581aa34b59073ca0 --- M jobs/gerrit-verifications.yml 1 file changed, 0 insertions(+), 3 deletions(-) Approvals: Harald Welte: Looks good to me, approved; Verified diff --git a/jobs/gerrit-verifications.yml b/jobs/gerrit-verifications.yml index c70115c..3f6264b 100644 --- a/jobs/gerrit-verifications.yml +++ b/jobs/gerrit-verifications.yml @@ -233,9 +233,6 @@ - patchset-created-event: exclude-drafts: true exclude-no-code-change: true -- comment-added-event: -approval-category: 'Verified' -approval-value: 1 projects: - project-compare-type: 'PLAIN' project-pattern: '{repos}' -- To view, visit https://gerrit.osmocom.org/4677 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I235e0211a01da0eb74d8e6a9581aa34b59073ca0 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ci Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte
[MERGED] osmo-ci[master]: coverity: Don't use PARALLEL_MAKE for libsmpp34
Harald Welte has submitted this change and it was merged. Change subject: coverity: Don't use PARALLEL_MAKE for libsmpp34 .. coverity: Don't use PARALLEL_MAKE for libsmpp34 ... which apparently doesn't support this and every so often breaks the coverity upload build Change-Id: Id78f80cf0878a0807cd06a24fa5c9561c7b84b36 --- M coverity/build_Osmocom.sh 1 file changed, 10 insertions(+), 1 deletion(-) Approvals: Harald Welte: Looks good to me, approved; Verified diff --git a/coverity/build_Osmocom.sh b/coverity/build_Osmocom.sh index 81a346d..9ccee28 100755 --- a/coverity/build_Osmocom.sh +++ b/coverity/build_Osmocom.sh @@ -64,6 +64,15 @@ popd } +build_libsmpp34() { + pushd libsmpp34 + PM=$PARALLEL_MAKE + PARALLEL_MAKE="" + do_build + PARALLEL_MAKE=$PM + popd +} + cd "$src_dir" rm -rf "$prefix" @@ -75,7 +84,7 @@ build_default libosmo-abis build_default libosmo-netif build_default libosmo-sccp -build_default libsmpp34 +build_libsmpp34 build_default osmo-ggsn #IU build_default osmo-iuh build_osmopcu -- To view, visit https://gerrit.osmocom.org/4681 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: Id78f80cf0878a0807cd06a24fa5c9561c7b84b36 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ci Gerrit-Branch: master Gerrit-Owner: Harald WelteGerrit-Reviewer: Harald Welte
[PATCH] osmo-ci[master]: coverity: Don't use PARALLEL_MAKE for libsmpp34
Review at https://gerrit.osmocom.org/4681 coverity: Don't use PARALLEL_MAKE for libsmpp34 ... which apparently doesn't support this and every so often breaks the coverity upload build Change-Id: Id78f80cf0878a0807cd06a24fa5c9561c7b84b36 --- M coverity/build_Osmocom.sh 1 file changed, 10 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ci refs/changes/81/4681/1 diff --git a/coverity/build_Osmocom.sh b/coverity/build_Osmocom.sh index 81a346d..9ccee28 100755 --- a/coverity/build_Osmocom.sh +++ b/coverity/build_Osmocom.sh @@ -64,6 +64,15 @@ popd } +build_libsmpp34() { + pushd libsmpp34 + PM=$PARALLEL_MAKE + PARALLEL_MAKE="" + do_build + PARALLEL_MAKE=$PM + popd +} + cd "$src_dir" rm -rf "$prefix" @@ -75,7 +84,7 @@ build_default libosmo-abis build_default libosmo-netif build_default libosmo-sccp -build_default libsmpp34 +build_libsmpp34 build_default osmo-ggsn #IU build_default osmo-iuh build_osmopcu -- To view, visit https://gerrit.osmocom.org/4681 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id78f80cf0878a0807cd06a24fa5c9561c7b84b36 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ci Gerrit-Branch: master Gerrit-Owner: Harald Welte