diff options
authorVadim Yanitskiy <axilirator@gmail.com>2019-04-01 06:25:45 +0700
committerVadim Yanitskiy <axilirator@gmail.com>2019-04-01 07:18:32 +0700
commit45a8d4b2be056965f6101d4913a5c5d3273cf28f (patch)
parent41723e1508d242e774c18dc9b7b0efff70548592 (diff)
common/oml.c: fix: properly push abis_nm_ipa_magic
In oml_send_msg() we optionally push the A-bis IPA magic string ("com.ipaccess") to a given message buffer as LV (Length Value), including the terminating null byte ('\0'). There was a mix of both sizeof() and strlen() calls, and worse luck, memcpy() has been used in a wrong way, skipping the '\0': memcpy(dest, src, strlen(src)); In general, this is not critical because the headroom of a given message buffer would most likely be zero-initialized, so the '\0' is already there. However, msgb_push() gives no such guarantee. Let's use the libosmocore's TLV API (in particular, lv_put()), and stick to sizeof(), so the null byte will always be included. Change-Id: I0c7f8776d0caec40f9ed992db541f43b732e47ae Closes: OS#3022
1 files changed, 3 insertions, 3 deletions
diff --git a/src/common/oml.c b/src/common/oml.c
index c96a893f..80d424f8 100644
--- a/src/common/oml.c
+++ b/src/common/oml.c
@@ -36,6 +36,7 @@
#include <osmocom/core/msgb.h>
#include <osmocom/gsm/protocol/gsm_12_21.h>
#include <osmocom/gsm/abis_nm.h>
+#include <osmocom/gsm/tlv.h>
#include <osmocom/abis/e1_input.h>
#include <osmocom/abis/ipaccess.h>
@@ -94,9 +95,8 @@ int oml_send_msg(struct msgb *msg, int is_manuf)
if (is_manuf) {
/* length byte, string + 0 termination */
- uint8_t *manuf = msgb_push(msg, 1 + sizeof(abis_nm_ipa_magic));
- manuf[0] = strlen(abis_nm_ipa_magic)+1;
- memcpy(manuf+1, abis_nm_ipa_magic, strlen(abis_nm_ipa_magic));
+ uint8_t *manuf = msgb_push(msg, LV_GROSS_LEN(sizeof(abis_nm_ipa_magic)));
+ lv_put(manuf, sizeof(abis_nm_ipa_magic), (const uint8_t *) abis_nm_ipa_magic);
/* Push the main OML header and send it off */