Patch Set 2: (1 comment)
https://gerrit.osmocom.org/#/c/5424/2/src/libmsc/a_iface_bssap.c
File src/libmsc/a_iface_bssap.c:

Line 328: msg->l3h = msgb_put(msg, TLVP_LEN(&tp, GSM0808_IE_LAYER_3_INFORMATION));
> msgb_put() will panic if the length value provided in the data packet excee

The point here is that the MSC side is the "trusted core network" and that we are encoding a 08.08 (DTAP) message from MSC to the phone. So if the MSC is sending something that's too large, then it *might* be acceptable to ASSERT. Better would be to verify that TLVP_LEN is not larger than what the 3GPP spec for 08.08 (48.008) says, and to ensure our new msgb always has at least as much space.

--
To view, visit https://gerrit.osmocom.org/5424
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I28073efd5cff58cd212341bceee784caf08d5ad8
Gerrit-PatchSet: 2
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Owner: Pau Espin Pedrol <[email protected]>
Gerrit-Reviewer: Harald Welte <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Pau Espin Pedrol <[email protected]>
Gerrit-Reviewer: Stefan Sperling <[email protected]>
Gerrit-HasComments: Yes
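An added example, not part of the original message and not osmo-msc code: the length check suggested in the comment above, run on a small stand-in buffer instead of a real msgb so that it compiles without libosmocore. The `struct buf` type, the `L3_INFO_MAX_LEN` ceiling, the tag value and the sample bytes are assumptions made for the illustration; the real ceiling has to come from 3GPP TS 48.008.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for a libosmocore msgb (assumption): fixed storage and a fill level. */
struct buf { uint8_t data[64]; size_t len; };
/* Placeholder ceiling for the IE payload; the real bound comes from 3GPP TS 48.008. */
#define L3_INFO_MAX_LEN 32
#define SAMPLE_TAG 0x17 /* tag used by the constructed samples below */
static size_t buf_tailroom(const struct buf *b) { return sizeof(b->data) - b->len; }

/* Find `tag` in a 1-byte-tag/1-byte-length TLV list and append its value to
 * `out`. Returns bytes appended, or -1 if the IE is missing, truncated, above
 * the ceiling, or larger than the space left in `out`. */
int copy_ie_checked(struct buf *out, const uint8_t *in, size_t in_len, uint8_t tag)
{
    size_t pos = 0;
    while (in_len - pos >= 2) {
        uint8_t t = in[pos];
        size_t l = in[pos + 1];
        pos += 2;
        if (l > in_len - pos)
            return -1; /* length byte points past the end of the packet */
        if (t == tag) {
            if (l > L3_INFO_MAX_LEN || l > buf_tailroom(out))
                return -1; /* reject instead of letting the append abort */
            memcpy(out->data + out->len, in + pos, l);
            out->len += l;
            return (int)l;
        }
        pos += l;
    }
    return -1;
}

/* Constructed inputs: a well-formed IE, a lying length byte, an oversized IE. */
static const uint8_t sample_ok[] = { 0x17, 0x03, 0x05, 0x08, 0x11 };
static const uint8_t sample_bad[] = { 0x17, 0xf0, 0x05, 0x08 };
static const uint8_t sample_big[42] = { 0x17, 40 }; /* 40 zero bytes of payload */
int demo(const uint8_t *in, size_t in_len, size_t already_used)
{
    struct buf b = { {0}, already_used };
    return copy_ie_checked(&b, in, in_len, SAMPLE_TAG);
}

int main(void)
{
    return (demo(sample_ok, sizeof(sample_ok), 0) == 3 &&
            demo(sample_bad, sizeof(sample_bad), 0) == -1 &&
            demo(sample_ok, sizeof(sample_ok), 62) == -1) ? 0 : 1;
}
```

The caller gets an error return for a malformed or oversized IE and can drop the message, where an unchecked append would abort the process.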
