subject:"openbsc\[master\]\: libmsc\: gsm340_gen_oa_sub\(\) may return negative value"

[MERGED] openbsc[master]: libmsc: gsm340_gen_oa_sub() may return negative value

2017-08-10 Thread Harald Welte

Harald Welte has submitted this change and it was merged.

Change subject: libmsc: gsm340_gen_oa_sub() may return negative value
..


libmsc: gsm340_gen_oa_sub() may return negative value

gsm340_gen_oa() returns a negative value if the output buffer that the
caller passes is too small, so we have to check the return value of this
function.

Fixes: CID 174178
Fixes: CID 174179
Change-Id: I47215d7d89771730a7f84efa8aeeb187a0911fdb
---
M openbsc/src/libmsc/gsm_04_11.c
1 file changed, 9 insertions(+), 2 deletions(-)

Approvals:
  Harald Welte: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/openbsc/src/libmsc/gsm_04_11.c b/openbsc/src/libmsc/gsm_04_11.c
index 73e0f55..8b4ffce 100644
--- a/openbsc/src/libmsc/gsm_04_11.c
+++ b/openbsc/src/libmsc/gsm_04_11.c
@@ -213,9 +213,9 @@
 {
uint8_t *smsp;
uint8_t oa[12]; /* max len per 03.40 */
-   uint8_t oa_len = 0;
uint8_t octet_len;
unsigned int old_msg_len = msg->len;
+   int oa_len;
 
/* generate first octet with masked bits */
smsp = msgb_put(msg, 1);
@@ -233,6 +233,9 @@
 
/* generate originator address */
oa_len = gsm340_gen_oa_sub(oa, sizeof(oa), &sms->src);
+   if (oa_len < 0)
+   return -ENOSPC;
+
smsp = msgb_put(msg, oa_len);
memcpy(smsp, oa, oa_len);
 
@@ -282,9 +285,9 @@
 struct gsm_sms *sms)
 {
unsigned int old_msg_len = msg->len;
-   uint8_t oa_len = 0;
uint8_t oa[12]; /* max len per 03.40 */
uint8_t *smsp;
+   int oa_len;
 
/* generate first octet with masked bits */
smsp = msgb_put(msg, 1);
@@ -296,8 +299,12 @@
/* TP-MR (message reference) */
smsp = msgb_put(msg, 1);
*smsp = sms->msg_ref;
+
/* generate recipient address */
oa_len = gsm340_gen_oa_sub(oa, sizeof(oa), &sms->dst);
+   if (oa_len < 0)
+   return -ENOSPC;
+
smsp = msgb_put(msg, oa_len);
memcpy(smsp, oa, oa_len);
 

-- 
To view, visit https://gerrit.osmocom.org/3461
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I47215d7d89771730a7f84efa8aeeb187a0911fdb
Gerrit-PatchSet: 1
Gerrit-Project: openbsc
Gerrit-Branch: master
Gerrit-Owner: Pablo Neira Ayuso 
Gerrit-Reviewer: Harald Welte 
Gerrit-Reviewer: Jenkins Builder

openbsc[master]: libmsc: gsm340_gen_oa_sub() may return negative value

2017-08-10 Thread Harald Welte


Patch Set 1: Code-Review+2

-- 
To view, visit https://gerrit.osmocom.org/3461
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I47215d7d89771730a7f84efa8aeeb187a0911fdb
Gerrit-PatchSet: 1
Gerrit-Project: openbsc
Gerrit-Branch: master
Gerrit-Owner: Pablo Neira Ayuso 
Gerrit-Reviewer: Harald Welte 
Gerrit-Reviewer: Jenkins Builder
Gerrit-HasComments: No

[PATCH] openbsc[master]: libmsc: gsm340_gen_oa_sub() may return negative value

2017-08-10 Thread Pablo Neira Ayuso


Review at  https://gerrit.osmocom.org/3461

libmsc: gsm340_gen_oa_sub() may return negative value

gsm340_gen_oa() returns a negative value if the output buffer that the
caller passes is too small, so we have to check the return value of this
function.

Fixes: CID 174178
Fixes: CID 174179
Change-Id: I47215d7d89771730a7f84efa8aeeb187a0911fdb
---
M openbsc/src/libmsc/gsm_04_11.c
1 file changed, 9 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/openbsc refs/changes/61/3461/1

diff --git a/openbsc/src/libmsc/gsm_04_11.c b/openbsc/src/libmsc/gsm_04_11.c
index 73e0f55..8b4ffce 100644
--- a/openbsc/src/libmsc/gsm_04_11.c
+++ b/openbsc/src/libmsc/gsm_04_11.c
@@ -213,9 +213,9 @@
 {
uint8_t *smsp;
uint8_t oa[12]; /* max len per 03.40 */
-   uint8_t oa_len = 0;
uint8_t octet_len;
unsigned int old_msg_len = msg->len;
+   int oa_len;
 
/* generate first octet with masked bits */
smsp = msgb_put(msg, 1);
@@ -233,6 +233,9 @@
 
/* generate originator address */
oa_len = gsm340_gen_oa_sub(oa, sizeof(oa), &sms->src);
+   if (oa_len < 0)
+   return -ENOSPC;
+
smsp = msgb_put(msg, oa_len);
memcpy(smsp, oa, oa_len);
 
@@ -282,9 +285,9 @@
 struct gsm_sms *sms)
 {
unsigned int old_msg_len = msg->len;
-   uint8_t oa_len = 0;
uint8_t oa[12]; /* max len per 03.40 */
uint8_t *smsp;
+   int oa_len;
 
/* generate first octet with masked bits */
smsp = msgb_put(msg, 1);
@@ -296,8 +299,12 @@
/* TP-MR (message reference) */
smsp = msgb_put(msg, 1);
*smsp = sms->msg_ref;
+
/* generate recipient address */
oa_len = gsm340_gen_oa_sub(oa, sizeof(oa), &sms->dst);
+   if (oa_len < 0)
+   return -ENOSPC;
+
smsp = msgb_put(msg, oa_len);
memcpy(smsp, oa, oa_len);
 

-- 
To view, visit https://gerrit.osmocom.org/3461
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I47215d7d89771730a7f84efa8aeeb187a0911fdb
Gerrit-PatchSet: 1
Gerrit-Project: openbsc
Gerrit-Branch: master
Gerrit-Owner: Pablo Neira Ayuso

[MERGED] openbsc[master]: libmsc: gsm340_gen_oa_sub() may return negative value

openbsc[master]: libmsc: gsm340_gen_oa_sub() may return negative value

[PATCH] openbsc[master]: libmsc: gsm340_gen_oa_sub() may return negative value

3 matches

Site Navigation

Mail list logo

Footer information