fixeria has submitted this change and it was merged. (
https://gerrit.osmocom.org/c/osmo-pcu/+/14923 )
Change subject: gprs_bssgp_pcu.cpp: check return code of gsm48_mi_to_string()
......................................................................
gprs_bssgp_pcu.cpp: check return code of gsm48_mi_to_string()
Change-Id: Id1ad279ce9bef38eb3d11ac62337276207e8d8bd
---
M src/gprs_bssgp_pcu.cpp
1 file changed, 17 insertions(+), 3 deletions(-)
Approvals:
laforge: Looks good to me, approved
keith: Looks good to me, but someone else must approve
pespin: Looks good to me, but someone else must approve
Jenkins Builder: Verified
diff --git a/src/gprs_bssgp_pcu.cpp b/src/gprs_bssgp_pcu.cpp
index 3ea3e59..f7c681c 100644
--- a/src/gprs_bssgp_pcu.cpp
+++ b/src/gprs_bssgp_pcu.cpp
@@ -28,6 +28,7 @@
#include <pdch.h>
extern "C" {
+ #include <osmocom/gsm/protocol/gsm_23_003.h>
#include <osmocom/core/utils.h>
#include "coding_scheme.h"
}
@@ -93,6 +94,7 @@
char imsi[16] = "000";
uint8_t ms_class = 0;
uint8_t egprs_ms_class = 0;
+ int rc;
#if 0
MS_Radio_Access_capability_t rac;
#endif
@@ -120,8 +122,13 @@
* will listen to all paging blocks. */
if (TLVP_PRESENT(tp, BSSGP_IE_IMSI))
{
- gsm48_mi_to_string(imsi, sizeof(imsi), TLVP_VAL(tp,
BSSGP_IE_IMSI),
- TLVP_LEN(tp,
BSSGP_IE_IMSI));
+ /* gsm48_mi_to_string() returns number of bytes written,
including '\0' */
+ rc = gsm48_mi_to_string(imsi, sizeof(imsi), TLVP_VAL(tp,
BSSGP_IE_IMSI),
+ TLVP_LEN(tp,
BSSGP_IE_IMSI));
+ if (rc != GSM23003_IMSI_MAX_DIGITS + 1) {
+ LOGP(DBSSGP, LOGL_NOTICE, "Failed to parse IMSI IE
(rc=%d)\n", rc);
+ return bssgp_tx_status(BSSGP_CAUSE_COND_IE_ERR, NULL,
msg);
+ }
}
#if 0 /* Do not rely on this IE. TODO: make this configurable */
@@ -172,6 +179,7 @@
char imsi[16];
uint8_t *ptmsi = (uint8_t *) TLVP_VAL(tp, BSSGP_IE_TMSI);
uint16_t ptmsi_len = TLVP_LEN(tp, BSSGP_IE_TMSI);
+ int rc;
LOGP(DBSSGP, LOGL_NOTICE, " P-TMSI = ");
for (int i = 0; i < ptmsi_len; i++)
@@ -185,7 +193,13 @@
return -EINVAL;
}
- gsm48_mi_to_string(imsi, sizeof(imsi), TLVP_VAL(tp, BSSGP_IE_IMSI),
TLVP_LEN(tp, BSSGP_IE_IMSI));
+ /* gsm48_mi_to_string() returns number of bytes written, including '\0'
*/
+ rc = gsm48_mi_to_string(imsi, sizeof(imsi), TLVP_VAL(tp, BSSGP_IE_IMSI),
+ TLVP_LEN(tp,
BSSGP_IE_IMSI));
+ if (rc != GSM23003_IMSI_MAX_DIGITS + 1) {
+ LOGP(DBSSGP, LOGL_NOTICE, "Failed to parse IMSI IE (rc=%d)\n",
rc);
+ return bssgp_tx_status(BSSGP_CAUSE_COND_IE_ERR, NULL, msg);
+ }
return gprs_rlcmac_paging_request(ptmsi, ptmsi_len, imsi);
}
--
To view, visit https://gerrit.osmocom.org/c/osmo-pcu/+/14923
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings
Gerrit-Project: osmo-pcu
Gerrit-Branch: master
Gerrit-Change-Id: Id1ad279ce9bef38eb3d11ac62337276207e8d8bd
Gerrit-Change-Number: 14923
Gerrit-PatchSet: 3
Gerrit-Owner: fixeria <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <[email protected]>
Gerrit-Reviewer: keith <[email protected]>
Gerrit-Reviewer: laforge <[email protected]>
Gerrit-Reviewer: pespin <[email protected]>
Gerrit-MessageType: merged
