diff options
| author | Harald Welte <laforge@gnumonks.org> | 2010-05-30 17:19:38 +0200 |
|---|---|---|
| committer | Harald Welte <laforge@gnumonks.org> | 2010-05-30 17:19:38 +0200 |
| commit | d75d71e95c796bf9847e39753b716ad9ff56e237 (patch) | |
| tree | 7323ca0a38c61e8fc494d6cd0b2cd6be88c46ddb /openbsc/src/gprs/gprs_ns.c | |
| parent | 0ede21f54734ad4406481459ae45f1efd992f9a1 (diff) | |
[GPRS] NS: correctly pass the NS payload length to the TLV parser
Diffstat (limited to 'openbsc/src/gprs/gprs_ns.c')
| -rw-r--r-- | openbsc/src/gprs/gprs_ns.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/openbsc/src/gprs/gprs_ns.c b/openbsc/src/gprs/gprs_ns.c index c5cf962f6..3db1d67fe 100644 --- a/openbsc/src/gprs/gprs_ns.c +++ b/openbsc/src/gprs/gprs_ns.c @@ -564,7 +564,8 @@ static int gprs_ns_rx_status(struct gprs_nsvc *nsvc, struct msgb *msg) LOGP(DNS, LOGL_NOTICE, "NSEI=%u Rx NS STATUS ", nsvc->nsei); - rc = tlv_parse(&tp, &ns_att_tlvdef, nsh->data, msgb_l2len(msg), 0, 0); + rc = tlv_parse(&tp, &ns_att_tlvdef, nsh->data, + msgb_l2len(msg) - sizeof(*nsh), 0, 0); if (rc < 0) { LOGPC(DNS, LOGL_NOTICE, "Error during TLV Parse\n"); LOGP(DNS, LOGL_ERROR, "NSEI=%u Rx NS STATUS: " @@ -592,7 +593,8 @@ static int gprs_ns_rx_reset(struct gprs_nsvc *nsvc, struct msgb *msg) uint16_t *nsvci, *nsei; int rc; - rc = tlv_parse(&tp, &ns_att_tlvdef, nsh->data, msgb_l2len(msg), 0, 0); + rc = tlv_parse(&tp, &ns_att_tlvdef, nsh->data, + msgb_l2len(msg) - sizeof(*nsh), 0, 0); if (rc < 0) { LOGP(DNS, LOGL_ERROR, "NSEI=%u Rx NS RESET " "Error during TLV Parse\n", nsvc->nsei); @@ -642,7 +644,8 @@ static int gprs_ns_rx_block(struct gprs_nsvc *nsvc, struct msgb *msg) nsvc->state |= NSE_S_BLOCKED; - rc = tlv_parse(&tp, &ns_att_tlvdef, nsh->data, msgb_l2len(msg), 0, 0); + rc = tlv_parse(&tp, &ns_att_tlvdef, nsh->data, + msgb_l2len(msg) - sizeof(*nsh), 0, 0); if (rc < 0) { LOGP(DNS, LOGL_ERROR, "NSEI=%u Rx NS BLOCK " "Error during TLV Parse\n", nsvc->nsei); @@ -706,11 +709,10 @@ int gprs_ns_rcvmsg(struct gprs_ns_inst *nsi, struct msgb *msg, #endif } rc = tlv_parse(&tp, &ns_att_tlvdef, nsh->data, - msgb_l2len(msg), 0, 0); - rc = tlv_parse(&tp, &ns_att_tlvdef, nsh->data, msgb_l2len(msg), 0, 0); + msgb_l2len(msg) - sizeof(*nsh), 0, 0); if (rc < 0) { - LOGP(DNS, LOGL_ERROR, "Rx NS RESET Error during " - "TLV Parse\n"); + LOGP(DNS, LOGL_ERROR, "Rx NS RESET Error %d during " + "TLV Parse\n", rc); return rc; } if (!TLVP_PRESENT(&tp, NS_IE_CAUSE) || |