From 825716851ec2e021505dc7f77d33956ea27ba802 Mon Sep 17 00:00:00 2001
From: Vadim Yanitskiy
Date: Wed, 9 Jun 2021 01:46:48 +0200
Subject: host/layer23/ccch_scan: skip CCCH frames with wrong length

It's not clear why do we get frames with unexpected length, but we definitely should not crash. Just log and ignore them.

Change-Id: I85392becbffdb3ba7365decfd8f3769abe3c02c7
Related: OS#5171
---
 src/host/layer23/src/misc/app_ccch_scan.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/host/layer23/src/misc/app_ccch_scan.c b/src/host/layer23/src/misc/app_ccch_scan.c
index be2d9aea..e5a184f1 100644
--- a/src/host/layer23/src/misc/app_ccch_scan.c
+++ b/src/host/layer23/src/misc/app_ccch_scan.c
@@ -409,6 +409,13 @@ int gsm48_rx_ccch(struct msgb *msg, struct osmocom_ms *ms)
 struct gsm48_system_information_type_header *sih = msgb_l3(msg);
 int rc = 0;

+ /* Skip frames with wrong length */
+ if (msgb_l3len(msg) != GSM_MACBLOCK_LEN) {
+ LOGP(DRR, LOGL_ERROR, "Rx CCCH message with odd length=%u: %s\n",
+ msgb_l3len(msg), msgb_hexdump_l3(msg));
+ return -EINVAL;
+ }
+
 /* Skip dummy (fill) frames */
 if (is_fill_frame(msg))
 return 0;
-- 
cgit v1.2.3
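Review bot: The rejection path added at the top of gsm48_rx_ccch logs every odd-length frame at `LOGL_ERROR` together with a full `msgb_hexdump_l3()` dump, and nothing bounds how often that fires. The commit message says the origin of these frames is unknown, so a sustained run of them would fill the log with received data; `LOGP(DRR, LOGL_NOTICE, ...)`, or a drop counter with only occasional logging, would keep the diagnostic without that cost. The comment `/* Skip frames with wrong length */` could also record why the exact size matters for the parsing that follows and reference OS#5171. The function body continues outside the hunk, so whether callers treat the new `-EINVAL` as a plain drop (the fill-frame path next to it returns 0) cannot be confirmed from here.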