aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorVadim Yanitskiy <vyanitskiy@sysmocom.de>2020-06-05 01:57:52 +0700
committerVadim Yanitskiy <vyanitskiy@sysmocom.de>2020-06-05 18:40:42 +0700
commitffe5a8d8b8ea486b75cd38bbd28c1a7eac9c6fbb (patch)
tree748f24dd95a61a9f8e1d5445c3a5a2555d965bee /src
parent301b21850922a03cf7fbb7a3adfba4d8b95d6332 (diff)
rsl: refactor handling of RSL_IE_MR_CONFIG
- get rid of gsm_lchan::mr_bts_lv, it's never used anyway, - check IE length in amr_parse_mr_conf() before parsing, - check return code of amr_parse_mr_conf(). Change-Id: Ibfd5845ea429945b352dd14421e86562998d65ca
Diffstat (limited to 'src')
-rw-r--r--src/common/amr.c11
-rw-r--r--src/common/rsl.c27
2 files changed, 20 insertions, 18 deletions
diff --git a/src/common/amr.c b/src/common/amr.c
index 05d1aaac..837757fe 100644
--- a/src/common/amr.c
+++ b/src/common/amr.c
@@ -78,13 +78,16 @@ void amr_set_mode_pref(uint8_t *data, const struct amr_multirate_conf *amr_mrc,
int amr_parse_mr_conf(struct amr_multirate_conf *amr_mrc,
const uint8_t *mr_conf, unsigned int len)
{
- uint8_t mr_version = mr_conf[0] >> 5;
uint8_t num_codecs = 0;
int i, j = 0;
- if (mr_version != 1) {
- LOGP(DRSL, LOGL_ERROR, "AMR Multirate Version %u unknown\n",
- mr_version);
+ if (len < 2) {
+ LOGP(DRSL, LOGL_ERROR, "AMR Multirate IE is too short (%u)\n", len);
+ goto ret_einval;
+ }
+
+ if ((mr_conf[0] >> 5) != 1) {
+ LOGP(DRSL, LOGL_ERROR, "AMR Multirate Version %u unknown\n", (mr_conf[0] >> 5));
goto ret_einval;
}
diff --git a/src/common/rsl.c b/src/common/rsl.c
index 41dd2434..f057a89a 100644
--- a/src/common/rsl.c
+++ b/src/common/rsl.c
@@ -1209,17 +1209,16 @@ static int rsl_rx_chan_activ(struct msgb *msg)
}
/* 9.3.52 MultiRate Configuration */
if (TLVP_PRESENT(&tp, RSL_IE_MR_CONFIG)) {
- if (TLVP_LEN(&tp, RSL_IE_MR_CONFIG) > sizeof(lchan->mr_bts_lv) - 1) {
+ rc = amr_parse_mr_conf(&lchan->tch.amr_mr,
+ TLVP_VAL(&tp, RSL_IE_MR_CONFIG),
+ TLVP_LEN(&tp, RSL_IE_MR_CONFIG));
+ if (rc < 0) {
LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "Error parsing MultiRate conf IE\n");
rsl_tx_error_report(msg->trx, RSL_ERR_IE_CONTENT, &dch->chan_nr, NULL, msg);
return rsl_tx_chan_act_acknack(lchan, RSL_ERR_IE_CONTENT);
}
- memcpy(lchan->mr_bts_lv, TLVP_VAL(&tp, RSL_IE_MR_CONFIG) - 1,
- TLVP_LEN(&tp, RSL_IE_MR_CONFIG) + 1);
- amr_parse_mr_conf(&lchan->tch.amr_mr, TLVP_VAL(&tp, RSL_IE_MR_CONFIG),
- TLVP_LEN(&tp, RSL_IE_MR_CONFIG));
- amr_log_mr_conf(DRTP, LOGL_DEBUG, gsm_lchan_name(lchan),
- &lchan->tch.amr_mr);
+
+ amr_log_mr_conf(DRTP, LOGL_DEBUG, gsm_lchan_name(lchan), &lchan->tch.amr_mr);
lchan->tch.last_cmr = AMR_CMR_NONE;
}
/* 9.3.53 MultiRate Control */
@@ -1556,6 +1555,7 @@ static int rsl_rx_mode_modif(struct msgb *msg)
struct gsm_lchan *lchan = msg->lchan;
struct rsl_ie_chan_mode *cm;
struct tlv_parsed tp;
+ int rc;
rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
@@ -1588,17 +1588,16 @@ static int rsl_rx_mode_modif(struct msgb *msg)
/* 9.3.52 MultiRate Configuration */
if (TLVP_PRESENT(&tp, RSL_IE_MR_CONFIG)) {
- if (TLVP_LEN(&tp, RSL_IE_MR_CONFIG) > sizeof(lchan->mr_bts_lv) - 1) {
+ rc = amr_parse_mr_conf(&lchan->tch.amr_mr,
+ TLVP_VAL(&tp, RSL_IE_MR_CONFIG),
+ TLVP_LEN(&tp, RSL_IE_MR_CONFIG));
+ if (rc < 0) {
LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "Error parsing MultiRate conf IE\n");
rsl_tx_error_report(msg->trx, RSL_ERR_IE_CONTENT, &dch->chan_nr, NULL, msg);
return rsl_tx_mode_modif_nack(lchan, RSL_ERR_IE_CONTENT);;
}
- memcpy(lchan->mr_bts_lv, TLVP_VAL(&tp, RSL_IE_MR_CONFIG) - 1,
- TLVP_LEN(&tp, RSL_IE_MR_CONFIG) + 1);
- amr_parse_mr_conf(&lchan->tch.amr_mr, TLVP_VAL(&tp, RSL_IE_MR_CONFIG),
- TLVP_LEN(&tp, RSL_IE_MR_CONFIG));
- amr_log_mr_conf(DRTP, LOGL_DEBUG, gsm_lchan_name(lchan),
- &lchan->tch.amr_mr);
+
+ amr_log_mr_conf(DRTP, LOGL_DEBUG, gsm_lchan_name(lchan), &lchan->tch.amr_mr);
lchan->tch.last_cmr = AMR_CMR_NONE;
}
/* 9.3.53 MultiRate Control */
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 22:48:25 +0000