Patch Set 7: Code-Review-1 (2 comments)
https://gerrit.osmocom.org/#/c/4905/7/src/libosmo-mgcp/mgcp_conn.c File src/libosmo-mgcp/mgcp_conn.c: Line 63: LOGP(DLMGCP, LOGL_ERROR, "endpoint:%x, unable to generate a unique connectionIdentifier\n", I think it's 0x prefixed in other patches now? https://gerrit.osmocom.org/#/c/4905/7/tests/mgcp/mgcp_test.c File tests/mgcp/mgcp_test.c: Line 579: OSMO_ASSERT(strlen(conn_id) <= 32); so we receive a response from another network element, which is UDP based and can be spoofed by anyone, and we crash our MGW based on this? "ASSERT" should be used in cases where something has gone wrong so badly that assumptions of the developer have not been fulfilled. Under no circumstances we should ASSERT on any message received from a remote entity on the network. -- To view, visit https://gerrit.osmocom.org/4905 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Iab6a6038e7610c62f34e642cd49c93d11151252c Gerrit-PatchSet: 7 Gerrit-Project: osmo-mgw Gerrit-Branch: master Gerrit-Owner: Harald Welte <[email protected]> Gerrit-Reviewer: Harald Welte <[email protected]> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: Neels Hofmeyr <[email protected]> Gerrit-Reviewer: dexter <[email protected]> Gerrit-HasComments: Yes
