Pau Espin Pedrol has submitted this change and it was merged.
Change subject: libmsc: bssap: Catch TLV parse failures
......................................................................
libmsc: bssap: Catch TLV parse failures
Change-Id: I1d1951f4a5daf200e85c76fea14a35e952491d27
---
M src/libmsc/a_iface_bssap.c
1 file changed, 7 insertions(+), 1 deletion(-)
Approvals:
Harald Welte: Looks good to me, approved
Jenkins Builder: Verified
diff --git a/src/libmsc/a_iface_bssap.c b/src/libmsc/a_iface_bssap.c
index 1adbe69..2947d85 100644
--- a/src/libmsc/a_iface_bssap.c
+++ b/src/libmsc/a_iface_bssap.c
@@ -522,13 +522,19 @@
{
struct gsm_subscriber_connection *conn;
struct tlv_parsed tp;
+ int rc;
if (msgb_l3len(msg) < 1) {
LOGP(DBSSAP, LOGL_NOTICE, "Error: No data received --
discarding message!\n");
return -1;
}
- tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l3h + 1, msgb_l3len(msg) - 1,
0, 0);
+ rc = tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l3h + 1, msgb_l3len(msg)
- 1, 0, 0);
+ if (rc < 0) {
+ LOGP(DBSSAP, LOGL_ERROR, "Failed parsing TLV -- discarding
message! %s\n",
+ osmo_hexdump(msg->l3h, msgb_l3len(msg)));
+ return -EINVAL;
+ }
/* Only message types allowed without a 'conn' */
switch (msg->l3h[0]) {
--
To view, visit https://gerrit.osmocom.org/6451
To unsubscribe, visit https://gerrit.osmocom.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I1d1951f4a5daf200e85c76fea14a35e952491d27
Gerrit-PatchSet: 1
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Owner: Pau Espin Pedrol <pes...@sysmocom.de>
Gerrit-Reviewer: Harald Welte <lafo...@gnumonks.org>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Pau Espin Pedrol <pes...@sysmocom.de>
