Review at https://gerrit.osmocom.org/4684
trx: Better be safe than sorry before calling strlen
There's a lot of pointer arithmetic in trx_ctrl_read_cb which is
not so nice. While I believe the current code is safe, Coverity
raises "CID 178665: Insecure data handling (INTEGER_OVERFLOW)"
regardin the use of rsp_len in the strcmp().
Let's put some OSMO_ASSERT() in front and hope that makes Coverity
happy.
Change-Id: I5a9b3307f83cdde7c8e9f66932446604f5623b05
---
M src/osmo-bts-trx/trx_if.c
1 file changed, 2 insertions(+), 0 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-bts refs/changes/84/4684/1
diff --git a/src/osmo-bts-trx/trx_if.c b/src/osmo-bts-trx/trx_if.c
index a41cf2c..5d8f6c4 100644
--- a/src/osmo-bts-trx/trx_if.c
+++ b/src/osmo-bts-trx/trx_if.c
@@ -391,6 +391,8 @@
"message '%s'\n", buf, tcm->cmd);
goto rsp_error;
}
+ OSMO_ASSERT(strlen(buf+4) >= rsp_len);
+ OSMO_ASSERT(strlen(tcm->cmd+4) >= rsp_len);
if (!!strncmp(buf + 4, tcm->cmd + 4, rsp_len))
goto notmatch;
--
To view, visit https://gerrit.osmocom.org/4684
To unsubscribe, visit https://gerrit.osmocom.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I5a9b3307f83cdde7c8e9f66932446604f5623b05
Gerrit-PatchSet: 1
Gerrit-Project: osmo-bts
Gerrit-Branch: master
Gerrit-Owner: Harald Welte <[email protected]>
