Stefan Sperling has submitted this change and it was merged. ( 
https://gerrit.osmocom.org/11876 )

Change subject: consistently check the result of osmo_shift_v_fixed()
......................................................................

consistently check the result of osmo_shift_v_fixed()

Coverity points out we forgot to check the return value of
osmo_shift_v_fixed() in some places. Add checks which verify
the expected length of data which is skipped by the parser.

Change-Id: I20406f411810e966443d6fd5a4620b9a66cd9809
Related: CID#135160
---
M src/gprs/gprs_gb_parse.c
1 file changed, 10 insertions(+), 5 deletions(-)

Approvals:
  Jenkins Builder: Verified
  Harald Welte: Looks good to me, approved



diff --git a/src/gprs/gprs_gb_parse.c b/src/gprs/gprs_gb_parse.c
index 18565ae..93b90a2 100644
--- a/src/gprs/gprs_gb_parse.c
+++ b/src/gprs/gprs_gb_parse.c
@@ -46,7 +46,8 @@
        /* Skip Attach type */
        /* Skip Ciphering key sequence number */
        /* Skip DRX parameter */
-       osmo_shift_v_fixed(&data, &data_len, 3, NULL);
+       if (osmo_shift_v_fixed(&data, &data_len, 3, NULL) < 3)
+               return 0;

        /* Get Mobile identity */
        if (osmo_shift_lv(&data, &data_len, &value, &value_len) <= 0 ||
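
Review bot: The length 3 appears twice in the new check `if (osmo_shift_v_fixed(&data, &data_len, 3, NULL) < 3)`, once as the argument and once as the comparison bound, and the same duplication recurs at every site this patch touches. If one literal is later changed without the other, the check no longer matches the skip. A small wrapper that takes the length once and reports success or failure, or a local constant used in both places, would keep the two in step.
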
@@ -82,7 +83,8 @@
        /* Skip Periodic RA update timer */
        /* Skip Radio priority for SMS */
        /* Skip Spare half octet */
-       osmo_shift_v_fixed(&data, &data_len, 3, NULL);
+       if (osmo_shift_v_fixed(&data, &data_len, 3, NULL) < 3)
+               return 0;

        if (osmo_shift_v_fixed(&data, &data_len, 6, &value) <= 0)
                return 0;
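
Review bot: The new check on the 3-octet skip compares against the length (`< 3`), while the unchanged call right below it tests the same function with `<= 0`. Two idioms for one return value leave the reader guessing at the contract of osmo_shift_v_fixed(); if it returns either the full length or a non-positive error, the two forms are equivalent, and using one of them throughout the file would make that clear.
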
@@ -170,7 +172,8 @@

        /* Skip Update type */
        /* Skip GPRS ciphering key sequence number */
-       osmo_shift_v_fixed(&data, &data_len, 1, NULL);
+       if (osmo_shift_v_fixed(&data, &data_len, 1, NULL) < 1)
+               return 0;

        if (osmo_shift_v_fixed(&data, &data_len, 6, &value) <= 0)
                return 0;
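
Review bot: The comments above the new `< 1` check name two fields, Update type and GPRS ciphering key sequence number, but only one octet is skipped. Stating in the comment that both fields share a single octet would make the length in the check self-explanatory and guard against someone later "correcting" it to 2.
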
@@ -221,7 +224,8 @@
        /* Skip Force to standby */
        /* Skip Update result */
        /* Skip Periodic RA update timer */
-       osmo_shift_v_fixed(&data, &data_len, 2, NULL);
+       if (osmo_shift_v_fixed(&data, &data_len, 2, NULL) < 2)
+               return 0;

        if (osmo_shift_v_fixed(&data, &data_len, 6, &value) <= 0)
                return 0;
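
Review bot: The new `return 0` after the 2-octet skip gives the same result as the existing failure path of the 6-octet read below it, so a message truncated in the skipped part cannot be told apart from one truncated later. A debug log line naming which fixed part was too short would help when diagnosing why a message was not parsed, unless the caller already reports it.
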
@@ -299,7 +303,8 @@

        /* Skip Requested NSAPI */
        /* Skip Requested LLC SAPI */
-       osmo_shift_v_fixed(&data, &data_len, 2, NULL);
+       if (osmo_shift_v_fixed(&data, &data_len, 2, NULL) < 2)
+               return 0;

        /* Skip Requested QoS (support 04.08 and 24.008) */
        if (osmo_shift_lv(&data, &data_len, NULL, &value_len) <= 0 ||
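
Review bot: No test accompanies the new early return after the Requested NSAPI / Requested LLC SAPI skip, nor the other four added in this patch; the change touches only src/gprs/gprs_gb_parse.c. A unit test that feeds each parser a message truncated inside the skipped octets and expects a return of 0 would cover these paths and keep the Coverity finding from regressing.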

--
To view, visit https://gerrit.osmocom.org/11876

Gerrit-Project: osmo-sgsn
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I20406f411810e966443d6fd5a4620b9a66cd9809
Gerrit-Change-Number: 11876
Gerrit-PatchSet: 1
Gerrit-Owner: Stefan Sperling <[email protected]>
Gerrit-Reviewer: Harald Welte <[email protected]>
Gerrit-Reviewer: Jenkins Builder (1000002)
Gerrit-Reviewer: Stefan Sperling <[email protected]>