diff options
| author | Harald Welte <laforge@gnumonks.org> | 2017-11-06 02:50:21 +0900 |
|---|---|---|
| committer | Harald Welte <laforge@gnumonks.org> | 2017-11-06 02:50:21 +0900 |
| commit | 6733906f62dae6f1a7f21c23627009e4060966fa (patch) | |
| tree | dfc2aaeab5e6071162a90bdf3489b2d413befb06 | |
| parent | a73177b1909cbf7ec9a8dc7b5f1a9a3b44c59d01 (diff) | |
trx: Better be safe than sorry before calling strlen
There's a lot of pointer arithmetic in trx_ctrl_read_cb which is
not so nice. While I believe the current code is safe, Coverity
raises "CID 178665: Insecure data handling (INTEGER_OVERFLOW)"
regardin the use of rsp_len in the strcmp().
Let's put some OSMO_ASSERT() in front and hope that makes Coverity
happy.
Change-Id: I5a9b3307f83cdde7c8e9f66932446604f5623b05
| -rw-r--r-- | src/osmo-bts-trx/trx_if.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/osmo-bts-trx/trx_if.c b/src/osmo-bts-trx/trx_if.c index a41cf2cf..5d8f6c47 100644 --- a/src/osmo-bts-trx/trx_if.c +++ b/src/osmo-bts-trx/trx_if.c @@ -391,6 +391,8 @@ static int trx_ctrl_read_cb(struct osmo_fd *ofd, unsigned int what) "message '%s'\n", buf, tcm->cmd); goto rsp_error; } + OSMO_ASSERT(strlen(buf+4) >= rsp_len); + OSMO_ASSERT(strlen(tcm->cmd+4) >= rsp_len); if (!!strncmp(buf + 4, tcm->cmd + 4, rsp_len)) goto notmatch; |