diff options
| author | Neels Hofmeyr <neels@hofmeyr.de> | 2020-10-08 01:23:17 +0200 |
|---|---|---|
| committer | Neels Hofmeyr <nhofmeyr@sysmocom.de> | 2023-03-03 16:27:41 +0100 |
| commit | 75ee371cc9d47e9a157db01a5999bf1bfce24fd8 (patch) | |
| tree | 4e910d85c710605a8df311827681c0134032ac94 | |
| parent | 5d226653522fd537a47dedb75452381ac7544329 (diff) | |
do not pass length outside of msgb (1): bsc_handle_dt()
Change-Id: If7f119c32cd445561841fd69b450e3675e5dba59
| -rw-r--r-- | include/osmocom/bsc/osmo_bsc.h | 2 | ||||
| -rw-r--r-- | src/osmo-bsc/osmo_bsc_bssap.c | 8 | ||||
| -rw-r--r-- | src/osmo-bsc/osmo_bsc_sigtran.c | 2 |
3 files changed, 6 insertions, 6 deletions
diff --git a/include/osmocom/bsc/osmo_bsc.h b/include/osmocom/bsc/osmo_bsc.h index ee8cc1312..a1b663d8d 100644 --- a/include/osmocom/bsc/osmo_bsc.h +++ b/include/osmocom/bsc/osmo_bsc.h @@ -23,7 +23,7 @@ int bsc_scan_bts_msg(struct gsm_subscriber_connection *conn, struct msgb *msg); int bsc_scan_msc_msg(struct gsm_subscriber_connection *conn, struct msgb *msg); int bsc_handle_udt(struct bsc_msc_data *msc, struct msgb *msg, unsigned int length); -int bsc_handle_dt(struct gsm_subscriber_connection *conn, struct msgb *msg, unsigned int len); +int bsc_handle_dt(struct gsm_subscriber_connection *conn, struct msgb *msg); struct gsm_network; int bsc_ctrl_cmds_install(struct gsm_network *net); diff --git a/src/osmo-bsc/osmo_bsc_bssap.c b/src/osmo-bsc/osmo_bsc_bssap.c index 221e47779..86f2615b9 100644 --- a/src/osmo-bsc/osmo_bsc_bssap.c +++ b/src/osmo-bsc/osmo_bsc_bssap.c @@ -1427,21 +1427,21 @@ static unsigned int bssmap_msg_len(struct msgb *msg, unsigned int length, } int bsc_handle_dt(struct gsm_subscriber_connection *conn, - struct msgb *msg, unsigned int len) + struct msgb *msg) { log_set_context(LOG_CTX_BSC_SUBSCR, conn->bsub); - if (len < sizeof(struct bssmap_header)) { + if (msgb_l3len(msg) < sizeof(struct bssmap_header)) { LOGP(DMSC, LOGL_ERROR, "The header is too short.\n"); } switch (msg->l3h[0]) { case BSSAP_MSG_BSS_MANAGEMENT: msg->l4h = &msg->l3h[sizeof(struct bssmap_header)]; - bssmap_rcvmsg_dt1(conn, msg, bssmap_msg_len(msg, len, conn)); + bssmap_rcvmsg_dt1(conn, msg, bssmap_msg_len(msg, msgb_l3len(msg), conn)); break; case BSSAP_MSG_DTAP: - dtap_rcvmsg(conn, msg, len); + dtap_rcvmsg(conn, msg, msgb_l3len(msg)); break; default: LOGP(DMSC, LOGL_NOTICE, "Unimplemented BSSAP msg type: %s\n", diff --git a/src/osmo-bsc/osmo_bsc_sigtran.c b/src/osmo-bsc/osmo_bsc_sigtran.c index 04c2e9912..26e07d2f2 100644 --- a/src/osmo-bsc/osmo_bsc_sigtran.c +++ b/src/osmo-bsc/osmo_bsc_sigtran.c @@ -138,7 +138,7 @@ static struct bsc_msc_data *get_msc_by_addr(const struct osmo_sccp_addr *msc_add static int handle_data_from_msc(struct gsm_subscriber_connection *conn, struct msgb *msg) { msg->l3h = msgb_l2(msg); - return bsc_handle_dt(conn, msg, msgb_l2len(msg)); + return bsc_handle_dt(conn, msg); } /* Received unitdata from MSC, use the point code to determine which MSC it is */ |