csn1: Validate recursive array max size during decoding

This way if CSN1 encoded bitstream contains more elements than what the defintion expects it will fail instead of overflowing the decoded buffer. RA cap struct placed in unit test is taken from a real android phone sending the value when attaching to the network. Then SGSN sends it back and osmo-pcu would crash similar to unit test: *** stack smashing detected ***: terminated Process terminating with default action of signal 6 (SIGABRT): dumping core at 0x4C62CE5: raise (in /usr/lib/libc-2.31.so) by 0x4C4C856: abort (in /usr/lib/libc-2.31.so) by 0x4CA62AF: __libc_message (in /usr/lib/libc-2.31.so) by 0x4D36069: __fortify_fail (in /usr/lib/libc-2.31.so) by 0x4D36033: __stack_chk_fail (in /usr/lib/libc-2.31.so) by 0x124706: testRAcap2(void*) (RLCMACTest.cpp:468) Related: OS#4463 Change-Id: I9fe0e55e0a6a41ae2cc885fba490c1d4a186231e
author: Pau Espin Pedrol <pespin@sysmocom.de> 2020-03-23 14:35:26 +0100
committer: Pau Espin Pedrol <pespin@sysmocom.de> 2020-03-23 15:34:11 +0100
commit: efad80bfbffb2a35d2516e56dc40979f19c6c370 (patch)
tree: 831ecb8135f941a4079bd474505d3caf361bc7b3 /tests/rlcmac/RLCMACTest.ok
parent: 81b40cbaf3070f70954663f68375100128bdc77e (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/rlcmac/RLCMACTest.ok b/tests/rlcmac/RLCMACTest.ok
index ffcaeb30..313511f3 100644
--- a/tests/rlcmac/RLCMACTest.ok
+++ b/tests/rlcmac/RLCMACTest.ok
@@ -144,3 +144,5 @@ decode_gsm_ra_cap() returns -5
 *** testMalformedRAcap ***
 === Test decoding of MS RA Capability ===
 decode_gsm_ra_cap() returns 0
+*** testRAcap2 ***
+=== Test decoding of multi-band MS RA Capability ===
author	Pau Espin Pedrol <pespin@sysmocom.de>	2020-03-23 14:35:26 +0100
committer	Pau Espin Pedrol <pespin@sysmocom.de>	2020-03-23 15:34:11 +0100
commit	efad80bfbffb2a35d2516e56dc40979f19c6c370 (patch)
tree	831ecb8135f941a4079bd474505d3caf361bc7b3 /tests/rlcmac/RLCMACTest.ok
parent	81b40cbaf3070f70954663f68375100128bdc77e (diff)