authorMax <msuraev@sysmocom.de>2017-10-10 16:20:23 +0200
committerHarald Welte <laforge@gnumonks.org>2017-10-11 01:28:50 +0000
commit39999a7dcf6b3f7329171b4a47d14c0b0dd73a3c (patch)
tree0d8c50c444ceff1b735e9ae2afb2c9058e489904
parent25cc407c5be8d3f130886353bf49836d19bebfe2 (diff)
SI1q: fix EARFCN appender
Previously, if we ran out of space while adding an EARFCN, we simply returned, which might result in a malformed SI2q. Fix it by properly rolling back the entire EARFCN. While at it, let's be paranoid and introduce extra checks against integer overflow in budget calculations. Change-Id: I4b2aa3825e9affb6dfeadecdf24dd1a43a92b7b7 Related: OS#2357
-rw-r--r--src/libbsc/rest_octets.c25
-rw-r--r--tests/gsm0408/gsm0408_test.ok20
2 files changed, 33 insertions, 12 deletions
diff --git a/src/libbsc/rest_octets.c b/src/libbsc/rest_octets.c
index a22b8e674..abd621c8e 100644
--- a/src/libbsc/rest_octets.c
+++ b/src/libbsc/rest_octets.c
@@ -59,15 +59,16 @@ int rest_octets_si1(uint8_t *data, uint8_t *nch_pos, int is1800_net)
}
/* Append Repeated E-UTRAN Neighbour Cell to bitvec: see 3GPP TS 44.018 Table 10.5.2.33b.1 */
-static inline void append_eutran_neib_cell(struct bitvec *bv, struct gsm_bts *bts, uint8_t budget)
+static inline bool append_eutran_neib_cell(struct bitvec *bv, struct gsm_bts *bts, uint8_t budget)
{
const struct osmo_earfcn_si2q *e = &bts->si_common.si2quater_neigh_list;
unsigned i, skip = 0;
size_t offset = bts->e_offset;
- uint8_t rem = budget - 6, earfcn_budget; /* account for mandatory stop bit and THRESH_E-UTRAN_high */
+ int16_t rem = budget - 6; /* account for mandatory stop bit and THRESH_E-UTRAN_high */
+ uint8_t earfcn_budget;
if (budget <= 6)
- return;
+ return false;
OSMO_ASSERT(budget <= SI2Q_MAX_LEN);
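Review bot: The comment above `append_eutran_neib_cell` still names only the 3GPP table and does not say what the new `bool` result means. One of the `return false` paths added further down sits inside the EARFCN loop, where earlier iterations may already have written bits, so callers need to know the contract. I would extend the comment with something like `Returns false if the description does not fit into budget; bv may then hold partial output and the caller must restore bv->cur_bit.` The function body continues outside this hunk.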
@@ -87,6 +88,9 @@ static inline void append_eutran_neib_cell(struct bitvec *bv, struct gsm_bts *bt
else
rem--;
+ if (rem < 0)
+ return false;
+
/* now we can proceed with actually adding EARFCNs within adjusted budget limit */
for (i = 0; i < e->length; i++) {
if (e->arfcn[i] != OSMO_EARFCN_INVALID) {
@@ -104,6 +108,10 @@ static inline void append_eutran_neib_cell(struct bitvec *bv, struct gsm_bts *bt
else {
bts->e_offset++;
rem -= earfcn_budget;
+
+ if (rem < 0)
+ return false;
+
bitvec_set_bit(bv, 1); /* EARFCN: */
bitvec_set_uint(bv, e->arfcn[i], 16);
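Review bot: `bts->e_offset++` runs before the new `if (rem < 0) return false;`, so when that check fires the offset has already been advanced for an EARFCN that was never written. The rollback added in `append_earfcn` restores only `bv->cur_bit`, which would leave `bts->e_offset` out of step with what was actually emitted. Doing the subtraction and check before the increment (`rem -= earfcn_budget; if (rem < 0) return false; bts->e_offset++;`) avoids that, or the caller could save and restore `bts->e_offset` alongside `cur_bit`. The condition guarding this `else` is outside the hunk, so the check may be purely defensive; if so, a comment saying that would help the next reader.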
@@ -146,10 +154,14 @@ static inline void append_eutran_neib_cell(struct bitvec *bv, struct gsm_bts *bt
bitvec_set_uint(bv, e->qrxlm, 5);
} else
bitvec_set_bit(bv, 0);
+
+ return true;
}
static inline void append_earfcn(struct bitvec *bv, struct gsm_bts *bts, uint8_t budget)
{
+ bool appended;
+ unsigned int old = bv->cur_bit; /* save current position to make rollback possible */
int rem = budget - 25;
if (rem <= 0)
return;
@@ -203,8 +215,11 @@ static inline void append_earfcn(struct bitvec *bv, struct gsm_bts *bts, uint8_t
/* Repeated E-UTRAN Neighbour Cells */
bitvec_set_bit(bv, 1);
- /* N. B: 25 bits are set in append_earfcn() - keep it in sync with budget adjustment below: */
- append_eutran_neib_cell(bv, bts, rem);
+ appended = append_eutran_neib_cell(bv, bts, rem);
+ if (!appended) { /* appending is impossible within current budget: rollback */
+ bv->cur_bit = old;
+ return;
+ }
/* stop bit - end of Repeated E-UTRAN Neighbour Cells sequence: */
bitvec_set_bit(bv, 0);
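Review bot: Deleting the `N. B: 25 bits are set in append_earfcn()` comment leaves `int rem = budget - 25;` as an unexplained constant, although budget arithmetic is exactly what this commit hardens. I would keep a short comment at that line, e.g. `/* 25 bits are set by append_earfcn() itself - keep in sync with the bits written below */`. Separately, `rem` is an `int` passed to a `uint8_t budget` parameter. The lines between the `rem <= 0` check and the call are not in the hunk; if `rem` is adjusted there, a negative value would wrap and trip `OSMO_ASSERT(budget <= SI2Q_MAX_LEN)` instead of reaching the rollback.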
diff --git a/tests/gsm0408/gsm0408_test.ok b/tests/gsm0408/gsm0408_test.ok
index d200539ef..889f0012b 100644
--- a/tests/gsm0408/gsm0408_test.ok
+++ b/tests/gsm0408/gsm0408_test.ok
@@ -174,15 +174,21 @@ generated valid SI2quater [03/05]: [23] 59 06 07 46 a0 04 86 59 84 21 54 21 4f 6
generated valid SI2quater [04/05]: [23] 59 06 07 48 a0 04 86 59 84 2b 54 21 27 61 09 59 08 4b b7 2e ca c1 2b
generated valid SI2quater [05/05]: [23] 59 06 07 4a a0 04 86 59 84 26 53 97 65 60 2b 2b 2b 2b 2b 2b 2b 2b 2b
generating SI2quater for 17 EARFCNs and 8 UARFCNs...
-generated valid SI2quater [00/02]: [23] 59 06 07 40 40 25 0f 70 45 19 a0 0d 7d 7e a6 19 e7 00 44 b3 07 82 41
-generated valid SI2quater [01/02]: [23] 59 06 07 42 40 04 86 59 84 2b 54 21 27 61 09 59 08 4b b7 2e ca c1 2b
-generated valid SI2quater [02/02]: [23] 59 06 07 44 40 04 86 59 84 26 53 97 65 60 2b 2b 2b 2b 2b 2b 2b 2b 2b
+generated valid SI2quater [00/05]: [23] 59 06 07 40 a0 25 0f 70 45 19 a0 0d 7d 7e a6 19 e7 0b 2b 2b 2b 2b 2b
+generated valid SI2quater [01/05]: [23] 59 06 07 42 a0 04 86 59 83 c1 20 f0 48 3c 26 c1 e0 f5 cb b2 b0 2b 2b
+generated valid SI2quater [02/05]: [23] 59 06 07 44 a0 04 86 59 83 c2 ec 20 ff 61 08 19 08 41 b7 2e ca c1 2b
+generated valid SI2quater [03/05]: [23] 59 06 07 46 a0 04 86 59 84 21 54 21 4f 61 0a 99 08 55 b7 2e ca c1 2b
+generated valid SI2quater [04/05]: [23] 59 06 07 48 a0 04 86 59 84 2b 54 21 27 61 09 59 08 4b b7 2e ca c1 2b
+generated valid SI2quater [05/05]: [23] 59 06 07 4a a0 04 86 59 84 26 53 97 65 60 2b 2b 2b 2b 2b 2b 2b 2b 2b
generating SI2quater for 17 EARFCNs and 9 UARFCNs...
-generated valid SI2quater [00/02]: [23] 59 06 07 40 40 25 0f 70 4d 19 a0 26 fd 66 a6 03 e7 fa 10 99 66 0f 04
-generated valid SI2quater [01/02]: [23] 59 06 07 42 40 04 86 59 84 2b 54 21 27 61 09 59 08 4b b7 2e ca c1 2b
-generated valid SI2quater [02/02]: [23] 59 06 07 44 40 04 86 59 84 26 53 97 65 60 2b 2b 2b 2b 2b 2b 2b 2b 2b
+generated valid SI2quater [00/05]: [23] 59 06 07 40 a0 25 0f 70 4d 19 a0 26 fd 66 a6 03 e7 fa 0b 2b 2b 2b 2b
+generated valid SI2quater [01/05]: [23] 59 06 07 42 a0 04 86 59 83 c1 20 f0 48 3c 26 c1 e0 f5 cb b2 b0 2b 2b
+generated valid SI2quater [02/05]: [23] 59 06 07 44 a0 04 86 59 83 c2 ec 20 ff 61 08 19 08 41 b7 2e ca c1 2b
+generated valid SI2quater [03/05]: [23] 59 06 07 46 a0 04 86 59 84 21 54 21 4f 61 0a 99 08 55 b7 2e ca c1 2b
+generated valid SI2quater [04/05]: [23] 59 06 07 48 a0 04 86 59 84 2b 54 21 27 61 09 59 08 4b b7 2e ca c1 2b
+generated valid SI2quater [05/05]: [23] 59 06 07 4a a0 04 86 59 84 26 53 97 65 60 2b 2b 2b 2b 2b 2b 2b 2b 2b
generating SI2quater for 17 EARFCNs and 10 UARFCNs...
-generated valid SI2quater [00/05]: [23] 59 06 07 40 a0 25 0f 70 55 47 89 1e fd 7c b0 00 e7 9b b0 04 12 c8 2b
+generated valid SI2quater [00/05]: [23] 59 06 07 40 a0 25 0f 70 55 47 89 1e fd 7c b0 00 e7 9b b0 2b 2b 2b 2b
generated valid SI2quater [01/05]: [23] 59 06 07 42 a0 04 86 59 83 c1 20 f0 48 3c 26 c1 e0 f5 cb b2 b0 2b 2b
generated valid SI2quater [02/05]: [23] 59 06 07 44 a0 04 86 59 83 c2 ec 20 ff 61 08 19 08 41 b7 2e ca c1 2b
generated valid SI2quater [03/05]: [23] 59 06 07 46 a0 04 86 59 84 21 54 21 4f 61 0a 99 08 55 b7 2e ca c1 2b