author | Jacob Erlbeck <jerlbeck@sysmocom.de> | 2015-04-07 17:49:47 +0200 |
---|---|---|
committer | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2015-04-07 20:13:28 +0200 |
commit | 9ed6fd25dde40e3079c5b278f543714b0d78a9f0 (patch) | |
tree | c389cc1aa5845349f3dc38eba1a6efecbe1eb61f /openbsc/tests/sgsn/sgsn_test.c | |
parent | 08ea4d87f6c5db1ce68ef58040a35271358fa6d8 (diff) |
nat: Fix timeslot range in 'show bsc mgcp' VTY command

Currently the inner loop in show_bsc_mgcp iterates over the timeslot
interval [0, 31]. Timeslot 0 is not valid, which causes
mgcp_timeslot_to_endpoint to generate a corresponding warning and to
return an invalid endp value. That value causes an out-of-bound
read access, possibly hitting unallocated memory.

This patch fixes the loop range by starting with timeslot 1.

Note that this does not prevent mgcp_timeslot_to_endpoint from
returning an invalid endpoint index when called with arguments not
within its domain.

Addresses:
<000b> ../../include/openbsc/mgcp.h:250 Timeslot should not be 0
[...]
vty=0xb4203db0, argc=1, argv=0xbfffebb0) at bsc_nat_vty.c:256
max = 1
con = 0xb4a004f0
i = 0
j = 0
[...]
==15700== ERROR: AddressSanitizer: heap-use-after-free on address
0xb520be4f at pc 0x8062a42 bp 0xbfffeb18 sp 0xbfffeb0c
Sponsored-by: On-Waves ehf
Diffstat (limited to 'openbsc/tests/sgsn/sgsn_test.c')
0 files changed, 0 insertions, 0 deletions
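
The commit message notes that fixing the loop range does not stop the mapping itself from returning an invalid index for out-of-domain arguments. The following added example (not code from OpenBSC or from this commit) shows a mapping that validates its arguments and the table size before the caller indexes anything; the function names, `struct endpoint`, and the `32 * multiplex + timeslot` layout are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define TS_PER_MUX 32 /* assumption: 32 timeslots per multiplex, timeslot 0 unused */

struct endpoint { int allocated; }; /* constructed stand-in for an endpoint table entry */

/* Hypothetical checked mapping: returns the endpoint index, or -1 when
 * (multiplex, timeslot) is outside the domain or the resulting index
 * would not fit a table of n_endpoints entries. */
static int ts_to_endpoint_checked(int multiplex, int timeslot, size_t n_endpoints)
{
	size_t idx;

	if (timeslot < 1 || timeslot >= TS_PER_MUX)
		return -1; /* timeslot 0 is not valid */
	if (multiplex < 0 || n_endpoints == 0 ||
	    (size_t)multiplex > (n_endpoints - 1) / TS_PER_MUX)
		return -1; /* also keeps the multiplication below from overflowing */
	idx = (size_t)multiplex * TS_PER_MUX + (size_t)timeslot;
	return (idx < n_endpoints && idx <= INT_MAX) ? (int)idx : -1;
}

/* Walk all (multiplex, timeslot) pairs starting at first_ts and count
 * allocated endpoints. *rejected receives the number of pairs the checked
 * mapping refused, so a wrong loop range is reported, not dereferenced. */
static int count_allocated(const struct endpoint *tbl, size_t n,
			   int n_mux, int first_ts, int *rejected)
{
	int i, j, found = 0;

	*rejected = 0;
	for (i = 0; i < n_mux; i++) {
		for (j = first_ts; j < TS_PER_MUX; j++) {
			int endp = ts_to_endpoint_checked(i, j, n);
			if (endp < 0) { (*rejected)++; continue; }
			found += tbl[endp].allocated;
		}
	}
	return found;
}

int main(void)
{
	struct endpoint tbl[64] = {{0}}; /* constructed sample table: 2 multiplexes */
	int rej, found;

	tbl[1].allocated = tbl[33].allocated = tbl[63].allocated = 1;
	found = count_allocated(tbl, 64, 2, 1, &rej); /* fixed range [1, 31] */
	printf("range [1,31]: found=%d rejected=%d\n", found, rej);
	found = count_allocated(tbl, 64, 2, 0, &rej); /* old range [0, 31] */
	printf("range [0,31]: found=%d rejected=%d\n", found, rej);
	return 0;
}
```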