Harald Welte has submitted this change and it was merged.
Change subject: host/mobile: use talloc for ms->name allocation
......................................................................
host/mobile: use talloc for ms->name allocation
The approach of talloc memory management reduces memory usage,
and prevents some buffer overflows, which were possible before.
Change-Id: Icd6706117fdd7f1b3481b0e3817bbb3b31f12f60
---
M src/host/layer23/include/osmocom/bb/common/osmocom_data.h
M src/host/layer23/src/common/main.c
M src/host/layer23/src/mobile/app_mobile.c
M src/host/layer23/src/mobile/gsm322.c
M src/host/layer23/src/mobile/vty_interface.c
5 files changed, 32 insertions(+), 27 deletions(-)
Approvals:
Harald Welte: Looks good to me, approved
Jenkins Builder: Verified
diff --git a/src/host/layer23/include/osmocom/bb/common/osmocom_data.h
b/src/host/layer23/include/osmocom/bb/common/osmocom_data.h
index 17dad10..9b544ab 100644
--- a/src/host/layer23/include/osmocom/bb/common/osmocom_data.h
+++ b/src/host/layer23/include/osmocom/bb/common/osmocom_data.h
@@ -57,7 +57,7 @@
/* One Mobilestation for osmocom */
struct osmocom_ms {
struct llist_head entity;
- char name[32];
+ char *name;
struct osmo_wqueue l2_wq, sap_wq;
uint16_t test_arfcn;
struct osmol1_entity l1_entity;
diff --git a/src/host/layer23/src/common/main.c
b/src/host/layer23/src/common/main.c
index 59cee03..693b10e 100644
--- a/src/host/layer23/src/common/main.c
+++ b/src/host/layer23/src/common/main.c
@@ -246,8 +246,7 @@
llist_add_tail(&ms->entity, &ms_list);
- sprintf(ms->name, "1");
-
+ ms->name = talloc_strdup(ms, "1");
ms->test_arfcn = 871;
handle_options(argc, argv);
diff --git a/src/host/layer23/src/mobile/app_mobile.c
b/src/host/layer23/src/mobile/app_mobile.c
index c74a93f..7dc7208 100644
--- a/src/host/layer23/src/mobile/app_mobile.c
+++ b/src/host/layer23/src/mobile/app_mobile.c
@@ -248,18 +248,21 @@
struct osmocom_ms *mobile_new(char *name)
{
static struct osmocom_ms *ms;
+ char *mncc_name;
ms = talloc_zero(l23_ctx, struct osmocom_ms);
if (!ms) {
fprintf(stderr, "Failed to allocate MS\n");
return NULL;
}
- llist_add_tail(&ms->entity, &ms_list);
- strcpy(ms->name, name);
-
+ talloc_set_name(ms, "ms_%s", name);
+ ms->name = talloc_strdup(ms, name);
ms->l2_wq.bfd.fd = -1;
ms->sap_wq.bfd.fd = -1;
+
+ /* Register a new MS */
+ llist_add_tail(&ms->entity, &ms_list);
gsm_support_init(ms);
gsm_settings_init(ms);
@@ -267,13 +270,12 @@
ms->shutdown = 3; /* being down */
if (mncc_recv_app) {
- char name[32];
-
- sprintf(name, "/tmp/ms_mncc_%s", ms->name);
+ mncc_name = talloc_asprintf(ms, "/tmp/ms_mncc_%s", ms->name);
ms->mncc_entity.mncc_recv = mncc_recv_app;
- ms->mncc_entity.sock_state = mncc_sock_init(ms, name, l23_ctx);
+ ms->mncc_entity.sock_state = mncc_sock_init(ms, mncc_name,
l23_ctx);
+ talloc_free(mncc_name);
} else if (ms->settings.ch_cap == GSM_CAP_SDCCH)
ms->mncc_entity.mncc_recv = mncc_recv_dummy;
else
diff --git a/src/host/layer23/src/mobile/gsm322.c
b/src/host/layer23/src/mobile/gsm322.c
index 993e5ca..ad6a83b 100644
--- a/src/host/layer23/src/mobile/gsm322.c
+++ b/src/host/layer23/src/mobile/gsm322.c
@@ -5028,7 +5028,7 @@
struct gsm322_plmn *plmn = &ms->plmn;
struct gsm322_cellsel *cs = &ms->cellsel;
FILE *fp;
- char filename[PATH_MAX];
+ char *ba_filename;
int i;
struct gsm322_ba_list *ba;
uint8_t buf[4];
@@ -5060,8 +5060,9 @@
cs->list[i].flags |= GSM322_CS_FLAG_SUPPORT;
/* read BA list */
- sprintf(filename, "%s/%s.ba", config_dir, ms->name);
- fp = fopen(filename, "r");
+ ba_filename = talloc_asprintf(ms, "%s/%s.ba", config_dir, ms->name);
+ fp = fopen(ba_filename, "r");
+ talloc_free(ba_filename);
if (fp) {
int rc;
char *s_rc;
@@ -5108,7 +5109,7 @@
struct llist_head *lh, *lh2;
struct msgb *msg;
FILE *fp;
- char filename[PATH_MAX];
+ char *ba_filename;
struct gsm322_ba_list *ba;
uint8_t buf[4];
int rc = 0;
@@ -5137,20 +5138,23 @@
}
/* store BA list */
- sprintf(filename, "%s/%s.ba", config_dir, ms->name);
- fp = fopen(filename, "w");
- if (fp) {
- fputs(ba_version, fp);
- llist_for_each_entry(ba, &cs->ba_list, entry) {
- buf[0] = ba->mcc >> 8;
- buf[1] = ba->mcc & 0xff;
- buf[2] = ba->mnc >> 8;
- buf[3] = ba->mnc & 0xff;
+ ba_filename = talloc_asprintf(ms, "%s/%s.ba", config_dir, ms->name);
+ if (ba_filename) {
+ fp = fopen(ba_filename, "w");
+ talloc_free(ba_filename);
+ if (fp) {
+ fputs(ba_version, fp);
+ llist_for_each_entry(ba, &cs->ba_list, entry) {
+ buf[0] = ba->mcc >> 8;
+ buf[1] = ba->mcc & 0xff;
+ buf[2] = ba->mnc >> 8;
+ buf[3] = ba->mnc & 0xff;
- rc += fwrite(buf, 4, 1, fp);
- rc += fwrite(ba->freq, sizeof(ba->freq), 1, fp);
+ rc += fwrite(buf, 4, 1, fp);
+ rc += fwrite(ba->freq, sizeof(ba->freq), 1, fp);
+ }
+ fclose(fp);
}
- fclose(fp);
}
if (rc == 2)
diff --git a/src/host/layer23/src/mobile/vty_interface.c
b/src/host/layer23/src/mobile/vty_interface.c
index 78d136d..d909153 100644
--- a/src/host/layer23/src/mobile/vty_interface.c
+++ b/src/host/layer23/src/mobile/vty_interface.c
@@ -1265,7 +1265,7 @@
return CMD_WARNING;
}
- strncpy(ms->name, argv[1], sizeof(ms->name) - 1);
+ osmo_talloc_replace_string(ms, &ms->name, argv[1]);
return CMD_SUCCESS;
}
--
To view, visit https://gerrit.osmocom.org/2667
To unsubscribe, visit https://gerrit.osmocom.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Icd6706117fdd7f1b3481b0e3817bbb3b31f12f60
Gerrit-PatchSet: 5
Gerrit-Project: osmocom-bb
Gerrit-Branch: master
Gerrit-Owner: Vadim Yanitskiy <[email protected]>
Gerrit-Reviewer: Harald Welte <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Vadim Yanitskiy <[email protected]>
