aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHolger Hans Peter Freyther <zecke@selfish.org>2010-10-08 20:08:36 +0800
committerHolger Hans Peter Freyther <zecke@selfish.org>2010-10-08 20:08:36 +0800
commit5797ca85c1bba012f1e33c9701cb7bbe77ed80a4 (patch)
tree1e39be049b5ab0702204f4265e7bde3d2eaa110a
parent2537b2f836155eadc17c268d560f8ebdca07ef1a (diff)
bssap.c: The lac is only 16bit.. no need to read two bytes of garbage
Recreate a read_data16, use it to parse the LAC from the Cell Identifier.. we check that the length is at least 3 byte and read from byte 1.. which means reading four bytes is totally wrong.
-rw-r--r--openbsc/src/bssap.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/openbsc/src/bssap.c b/openbsc/src/bssap.c
index 755028749..35a90ab05 100644
--- a/openbsc/src/bssap.c
+++ b/openbsc/src/bssap.c
@@ -46,9 +46,9 @@
static void bts_queue_send(struct msgb *msg, int link_id);
static void bssmap_free_secondary(struct bss_sccp_connection_data *data);
-static uint32_t read_data32(const uint8_t *data)
+static uint16_t read_data16(const uint8_t *data)
{
- uint32_t res;
+ uint16_t res;
memcpy(&res, data, sizeof(res));
return res;
@@ -145,7 +145,7 @@ static int bssmap_handle_paging(struct gsm_network *net, struct msgb *msg, unsig
* Support paging to all network or one BTS at one LAC
*/
if (data_length == 3 && data[0] == CELL_IDENT_LAC) {
- lac = ntohs(read_data32(&data[1]));
+ lac = ntohs(read_data16(&data[1]));
} else if (data_length > 1 || (data[0] & 0x0f) != CELL_IDENT_BSS) {
LOGP(DMSC, LOGL_ERROR, "Unsupported Cell Identifier List: %s\n", hexdump(data, data_length));
return -1;