From 37bd02121bedc4725b4b0c65e6d03b84c11e4c17 Mon Sep 17 00:00:00 2001
From: Harald Welte <laforge@gnumonks.org>
Date: Tue, 23 Apr 2019 22:46:43 +0200
Subject: LLC: Don't blindly assume all LLC frames have data payload

In reality, only UI, I, SABM, UA and XID frames carry payload.  All
other frames will have llhp.data == NULL.

Let's therefore not do any msgb adjustments unless we actually know
there is a user payload field.

Change-Id: I51bbd0f2c618d477a037af343ff41de1c8a5a3ae
Closes: OS#3952
---
 src/gprs/gprs_llc.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/gprs/gprs_llc.c b/src/gprs/gprs_llc.c
index abbb74278..c222bc246 100644
--- a/src/gprs/gprs_llc.c
+++ b/src/gprs/gprs_llc.c
@@ -945,9 +945,6 @@ int gprs_llc_rcvmsg(struct msgb *msg, struct tlv_parsed *tv)
 		LOGP(DLLC, LOGL_INFO, "Dropping frame with invalid FCS\n");
 		return -EIO;
 	}
-	/* set l3 layer & remove the fcs */
-	msg->l3h = llhp.data;
-	msgb_l3trim(msg, llhp.data_len);
 
 	/* Update LLE's (BVCI, NSEI) tuple */
 	lle->llme->bvci = msgb_bvci(msg);
@@ -958,6 +955,14 @@ int gprs_llc_rcvmsg(struct msgb *msg, struct tlv_parsed *tv)
 	if (rc < 0)
 		return rc;
 
+	/* there are many frame types that don't carry user information
+	 * and which hence have llhp.data = NULL */
+	if (llhp.data)  {
+		/* set l3 layer & remove the fcs */
+		msg->l3h = llhp.data;
+		msgb_l3trim(msg, llhp.data_len);
+	}
+
 	rate_ctr_inc(&sgsn->rate_ctrs->ctr[CTR_LLC_UL_PACKETS]);
 	rate_ctr_add(&sgsn->rate_ctrs->ctr[CTR_LLC_UL_BYTES], msg->len);
 
-- 
cgit v1.2.3