author | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-01-06 07:52:55 +0100 |
---|---|---|
committer | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-01-07 15:48:28 +0100 |
commit | 17d81e2f9552546f93227036a94301ef266e12b9 (patch) | |
tree | 1445b5c582b9aebeb7ee2225e8be40bf8cbd3ab4 /openbsc/src/system_information.c | |
parent | 7ec448d0312f658a78f7d7cf1e3cbd03cce2a1ca (diff) |
[system_information] Initialize the buffer before moving it
In the case of ipaccess we are doing a ++output but then still
try to write 23 bytes into it and on my system this is leading
to a stack corruption.
Diffstat (limited to 'openbsc/src/system_information.c')
-rw-r--r-- | openbsc/src/system_information.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/openbsc/src/system_information.c b/openbsc/src/system_information.c
index 7fd12346e..9bdf2c139 100644
--- a/openbsc/src/system_information.c
+++ b/openbsc/src/system_information.c
@@ -342,6 +342,8 @@ static int generate_si5(u_int8_t *output, struct gsm_bts *bts)
 struct gsm48_system_information_type_5 *si5;
 int rc, l2_plen = 18;
+ memset(output, GSM_MACBLOCK_PADDING, GSM_MACBLOCK_LEN);
+ /* ip.access nanoBTS needs l2_plen!! */
 if (is_ipaccess_bts(bts)) {
 *output++ = (l2_plen << 2) | 1;
@@ -349,7 +351,6 @@ static int generate_si5(u_int8_t *output, struct gsm_bts *bts)
 }
 si5 = (struct gsm48_system_information_type_5 *) output;
- memset(si5, GSM_MACBLOCK_PADDING, GSM_MACBLOCK_LEN);
 /* l2 pseudo length, not part of msg: 18 */
 si5->rr_protocol_discriminator = GSM48_PDISC_RR;
@@ -368,6 +369,8 @@ static int generate_si6(u_int8_t *output, struct gsm_bts *bts)
 struct gsm48_system_information_type_6 *si6;
 int l2_plen = 11;
+ memset(output, GSM_MACBLOCK_PADDING, GSM_MACBLOCK_LEN);
+ /* ip.access nanoBTS needs l2_plen!! */
 if (is_ipaccess_bts(bts)) {
 *output++ = (l2_plen << 2) | 1;
@@ -375,7 +378,6 @@ static int generate_si6(u_int8_t *output, struct gsm_bts *bts)
 }
 si6 = (struct gsm48_system_information_type_6 *) output;
- memset(si6, GSM_MACBLOCK_PADDING, GSM_MACBLOCK_LEN);
 /* l2 pseudo length, not part of msg: 11 */
 si6->rr_protocol_discriminator = GSM48_PDISC_RR; |
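Review bot: The new `memset(output, GSM_MACBLOCK_PADDING, GSM_MACBLOCK_LEN)` at the top of generate_si5 assumes every caller passes a buffer of at least GSM_MACBLOCK_LEN bytes, but neither the signature nor a comment states that contract; the generate_si6 hunk has the same gap. In the ip.access branch `output` is then advanced by one, so the struct overlaid after the cast has only GSM_MACBLOCK_LEN - 1 bytes behind it, and any later write sized for the full block would run past the end again. The code after the cast is outside these hunks and should be checked for that. I would add a comment above both functions, for example `/* output must hold GSM_MACBLOCK_LEN bytes; on ip.access the first byte carries l2_plen, leaving GSM_MACBLOCK_LEN - 1 for the message */`, or pass the buffer length in and reject short buffers before the memset.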