fixeria has submitted this change. ( 
https://gerrit.osmocom.org/c/osmo-bts/+/27764 )

Change subject: rsl: always check return value of rsl_tlv_parse()
......................................................................

rsl: always check return value of rsl_tlv_parse()

Change-Id: I07cbd2849d83af28eb0458547f0eacc81347df23
---
M src/common/rsl.c
1 file changed, 57 insertions(+), 24 deletions(-)

Approvals:
  laforge: Looks good to me, but someone else must approve
  fixeria: Looks good to me, approved
  pespin: Looks good to me, but someone else must approve
  Jenkins Builder: Verified



diff --git a/src/common/rsl.c b/src/common/rsl.c
index 961e065..76a4c76 100644
--- a/src/common/rsl.c
+++ b/src/common/rsl.c
@@ -498,7 +498,11 @@
        struct gsm48_system_information_type_2quater *si2q;
        struct bitvec bv;
        const uint8_t *si_buf;
-       rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+
+       if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+               LOGPTRX(trx, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() 
failed\n", __func__);
+               return rsl_tx_error_report(trx, RSL_ERR_PROTO, &cch->chan_nr, 
NULL, msg);
+       }

        /* 9.3.30 System Info Type */
        if (!TLVP_PRESENT(&tp, RSL_IE_SYSINFO_TYPE))
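Review bot: The new error path logs only that rsl_tlv_parse() failed and discards its negative return value, so whatever detail that code carries about a malformed RSL message is lost from the log. Keeping the result and printing it would preserve it, e.g. `rc = rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));` followed by `LOGPTRX(trx, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() failed (rc=%d)\n", __func__, rc);`. The same applies to every other hunk in this patch. Because the identical log-and-return pair is now repeated at each call site, a small file-local helper macro would keep the copies consistent. The enclosing function starts and ends outside the hunk.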
@@ -695,7 +699,10 @@
        const uint8_t *identity_lv;
        int rc;

-       rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+       if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+               LOGPTRX(trx, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() 
failed\n", __func__);
+               return rsl_tx_error_report(trx, RSL_ERR_PROTO, &cch->chan_nr, 
NULL, msg);
+       }

        if (!TLVP_PRESENT(&tp, RSL_IE_PAGING_GROUP) ||
            !TLVP_PRESENT(&tp, RSL_IE_MS_IDENTITY))
@@ -730,7 +737,10 @@
        bool extended_cbch = false;
        int rc;

-       rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+       if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+               LOGPTRX(trx, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() 
failed\n", __func__);
+               return rsl_tx_error_report(trx, RSL_ERR_PROTO, &cch->chan_nr, 
NULL, msg);
+       }

        if (!TLVP_PRESENT(&tp, RSL_IE_CB_CMD_TYPE) ||
            !TLVP_PRESENT(&tp, RSL_IE_SMSCB_MSG))
@@ -759,7 +769,10 @@
        struct gsm_bts *bts = trx->bts;
        struct tlv_parsed tp;

-       rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+       if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+               LOGPTRX(trx, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() 
failed\n", __func__);
+               return rsl_tx_error_report(trx, RSL_ERR_PROTO, &cch->chan_nr, 
NULL, msg);
+       }

        if (!TLVP_PRESENT(&tp, RSL_IE_SMSCB_MSG))
                return rsl_tx_error_report(trx, RSL_ERR_MAND_IE_ERROR, 
&cch->chan_nr, NULL, msg);
@@ -848,7 +861,10 @@
        uint8_t rsl_si;
        enum osmo_sysinfo_type osmo_si;

-       rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+       if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+               LOGPTRX(trx, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() 
failed\n", __func__);
+               return rsl_tx_error_report(trx, RSL_ERR_PROTO, NULL, NULL, msg);
+       }

        /* 9.3.30 System Info Type */
        if (!TLVP_PRESENT(&tp, RSL_IE_SYSINFO_TYPE))
@@ -1105,14 +1121,11 @@
        struct gsm_power_ctrl_params *params;
        const struct tlv_p_entry *ie;
        struct tlv_parsed tp;
-       int rc;

        LOGPTRX(trx, DRSL, LOGL_INFO, "Rx Measurement Pre-processing 
Defaults\n");

-       rc = rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
-       if (rc < 0) {
-               LOGPTRX(trx, DRSL, LOGL_ERROR, "Failed to parse ip.access 
specific "
-                       "Measurement Pre-processing Defaults for MS/BS Power 
control\n");
+       if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+               LOGPTRX(trx, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() 
failed\n", __func__);
                return rsl_tx_error_report(trx, RSL_ERR_PROTO, NULL, NULL, msg);
        }

@@ -1161,7 +1174,10 @@
        struct abis_rsl_cchan_hdr *cch = msgb_l2(msg);
        struct tlv_parsed tp;

-       rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+       if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+               LOGPTRX(trx, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() 
failed\n", __func__);
+               return rsl_tx_error_report(trx, RSL_ERR_PROTO, &cch->chan_nr, 
NULL, msg);
+       }

        if (!TLVP_PRESENT(&tp, RSL_IE_FULL_IMM_ASS_INFO))
                return rsl_tx_error_report(trx, RSL_ERR_MAND_IE_ERROR, 
&cch->chan_nr, NULL, msg);
@@ -1713,7 +1729,10 @@
                .current = 0,
        };

-       rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+       if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+               LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() 
failed\n", __func__);
+               return rsl_tx_chan_act_nack(lchan, RSL_ERR_PROTO);
+       }

        /* 9.3.3 Activation Type */
        if (!TLVP_PRESENT(&tp, RSL_IE_ACT_TYPE)) {
@@ -2068,7 +2087,8 @@
        uint8_t link_id;

        if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
-               return rsl_tx_error_report(msg->trx, RSL_ERR_IE_CONTENT, 
&dch->chan_nr, NULL, msg);
+               LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() 
failed\n", __func__);
+               return rsl_tx_error_report(msg->trx, RSL_ERR_PROTO, 
&dch->chan_nr, NULL, msg);
        }

        if (!TLVP_PRESENT(&tp, RSL_IE_ENCR_INFO) ||
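Review bot: The cause sent back on a parse failure changes here from RSL_ERR_IE_CONTENT to RSL_ERR_PROTO, but the commit message only mentions checking the return value. The two ip.access hunks further down (`tx_ipac_XXcx_nack()` and `rsl_tx_ipac_dlcx_nack()`) likewise switch from RSL_ERR_MAND_IE_ERROR to RSL_ERR_PROTO. A peer or test suite that matches on the old cause values would presumably see different behaviour, so this is worth stating in the commit log or in a short comment such as `/* TLV parse failure is reported as a protocol error, not as an IE error */`. The enclosing function starts and ends outside the hunk.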
@@ -2189,7 +2209,10 @@
        uint8_t cause;
        int rc;

-       rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+       if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+               LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() 
failed\n", __func__);
+               return rsl_tx_mode_modif_nack(lchan, RSL_ERR_PROTO);
+       }

        /* 9.3.6 Channel Mode */
        if (rsl_handle_chan_mod_ie(lchan, &tp, &cause) != 0)
@@ -2255,7 +2278,10 @@
        uint8_t pwr;
        int max_pwr, curr_pwr;

-       rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+       if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+               LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() 
failed\n", __func__);
+               return rsl_tx_error_report(msg->trx, RSL_ERR_PROTO, 
&dch->chan_nr, NULL, msg);
+       }

        /* 9.3.13 MS Power (M) */
        if (!TLVP_PRES_LEN(&tp, RSL_IE_MS_POWER, 1))
@@ -2318,7 +2344,10 @@
        struct tlv_parsed tp;
        uint8_t old, new;

-       rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+       if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+               LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() 
failed\n", __func__);
+               return rsl_tx_error_report(trx, RSL_ERR_PROTO, &dch->chan_nr, 
NULL, msg);
+       }

        /* 9.3.4 BS Power (M) */
        if (!TLVP_PRES_LEN(&tp, RSL_IE_BS_POWER, 1))
@@ -2391,7 +2420,10 @@
        struct tlv_parsed tp;
        uint8_t rsl_si, osmo_si;

-       rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
+       if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+               LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() 
failed\n", __func__);
+               return rsl_tx_error_report(msg->trx, RSL_ERR_PROTO, 
&dch->chan_nr, NULL, msg);
+       }

        if (TLVP_PRESENT(&tp, RSL_IE_STARTNG_TIME)) {
                LOGPLCHAN(lchan, DRSL, LOGL_NOTICE, "Starting time not 
supported\n");
@@ -2730,10 +2762,10 @@
                return tx_ipac_XXcx_nack(lchan, 0x52,
                                         0, dch->c.msg_type);

-       rc = rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
-       if (rc < 0)
-               return tx_ipac_XXcx_nack(lchan, RSL_ERR_MAND_IE_ERROR,
-                                        0, dch->c.msg_type);
+       if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+               LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() 
failed\n", __func__);
+               return tx_ipac_XXcx_nack(lchan, RSL_ERR_PROTO, 0, 
dch->c.msg_type);
+       }

        LOGPLCHAN(lchan, DRSL, LOGL_DEBUG, "IPAC_%s: ", name);
        if (TLVP_PRES_LEN(&tp, RSL_IE_IPAC_REMOTE_IP, 4)) {
@@ -2908,9 +2940,10 @@
        struct gsm_lchan *lchan = msg->lchan;
        int rc, inc_conn_id = 0;

-       rc = rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
-       if (rc < 0)
-               return rsl_tx_ipac_dlcx_nack(lchan, 0, RSL_ERR_MAND_IE_ERROR);
+       if (rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg)) < 0) {
+               LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "%s(): rsl_tlv_parse() 
failed\n", __func__);
+               return rsl_tx_ipac_dlcx_nack(lchan, 0, RSL_ERR_PROTO);
+       }

        if (TLVP_PRESENT(&tp, RSL_IE_IPAC_CONN_ID))
                inc_conn_id = 1;

--
To view, visit https://gerrit.osmocom.org/c/osmo-bts/+/27764

Gerrit-Project: osmo-bts
Gerrit-Branch: master
Gerrit-Change-Id: I07cbd2849d83af28eb0458547f0eacc81347df23
Gerrit-Change-Number: 27764
Gerrit-PatchSet: 2
Gerrit-Owner: fixeria <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <[email protected]>
Gerrit-Reviewer: laforge <[email protected]>
Gerrit-Reviewer: osmith <[email protected]>
Gerrit-Reviewer: pespin <[email protected]>
Gerrit-MessageType: merged
