authorPau Espin Pedrol <pespin@sysmocom.de>2020-03-25 14:04:36 +0100
committerPascal Quantin <pascal@wireshark.org>2020-03-25 17:18:15 +0000
commit69a47691cdf6a9304ef8689d3a39d510e81e001c (patch)
tree239a814aa2c621cbe7d2542138fc3860e39bc486
parentbadbc3c6097e3365151eb97e94ee7f2d945ec094 (diff)
rlcmac: Fix bug receiving RA cap
It seems the assumptions regarding the maximum number of RA capabilities in one message were wrong. Doing some rough calculations, each RA capability value (without extensions) can take around 20ish bits, which means that a message containing up to 52 bytes could theoretically carry quite a lot of different values. Let's be safe and increase the array size to be able to handle all different access technologies listed in TS 24.008 table 10.5.146, subject to the following restrictions: * "The MS Radio Access capability is a type 4 information element, with a maximum length of 52 octets." * "Among the three Access Type Technologies GSM 900-P, GSM 900-E and GSM 900-R only one shall be present." * "the mobile station should provide the relevant radio access capability for either GSM 1800 band OR GSM 1900 band, not both". Port from osmo-pcu.git 7faa5da209d0ef48fe593603c217615f09fb61fb. Related: https://osmocom.org/issues/4463 Change-Id: Ief5189f88ba0e4970847567c9a15b1ada8b9df4b Reviewed-on: https://code.wireshark.org/review/36573 Reviewed-by: Harald Welte <laforge@gnumonks.org> Petri-Dish: Pascal Quantin <pascal@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Pascal Quantin <pascal@wireshark.org>
-rw-r--r--epan/dissectors/packet-gsm_rlcmac.h18
1 files changed, 5 insertions, 13 deletions
diff --git a/epan/dissectors/packet-gsm_rlcmac.h b/epan/dissectors/packet-gsm_rlcmac.h
index ab56d21a46..bd64e1b330 100644
--- a/epan/dissectors/packet-gsm_rlcmac.h
+++ b/epan/dissectors/packet-gsm_rlcmac.h
@@ -1198,10 +1198,6 @@ typedef struct
} Content_t;
-#define ABSOLUTE_MAX_BANDS 2 /* New fields for R4 extend the length of the capabilities message so we can only send 2 */
-
-#define MAX_ACCESS_TECHNOLOGIES_COUNT 16 /* No more than 16 instances */
-
typedef enum
{/* See TS 24.008 table 10.5.146 */
AccTech_GSMP = 0x0,
@@ -1221,13 +1217,9 @@ typedef enum
AccTech_GSMOther = 0xf
} AccessTechnology_t;
-#if 0
-typedef struct
-{
- guint8 CountAccessTechnologies;
- AccessTechnology_t AccessTechnologies[MAX_ACCESS_TECHNOLOGIES_COUNT];
-} AccessTechnologiesRequest_t;
-#endif
+/* Maximum entries in one message, Enum above, applying restrictions from section
+ 12.30 "MS Radio Access Capability 2": */
+#define MAX_ACCESS_TECHNOLOGIES_COUNT 11
typedef struct
{
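Review bot: The new comment above `MAX_ACCESS_TECHNOLOGIES_COUNT` does not show how 11 is reached, and it names section 12.30 without naming the specification, so the bound cannot be checked from the header alone. Because this constant sizes arrays that hold values decoded from received messages, the comment should spell out the derivation and state that it only holds for a conforming sender, for example `/* Upper bound for a conforming sender: AccessTechnology_t values minus the mutually exclusive ones (TS 24.008 table 10.5.146); decoders must still reject larger counts. */`. The enum it refers to begins outside this hunk.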
@@ -1241,7 +1233,7 @@ typedef struct
guint8 Count_additional_access_technologies;
/* The value 0xf cannot be set for the first ATT, therefore we can only have
ABSOLUTE_MAX_BANDS-1 additional access technologies. */
- Additional_access_technologies_struct_t Additional_access_technologies[ABSOLUTE_MAX_BANDS-1];
+ Additional_access_technologies_struct_t Additional_access_technologies[MAX_ACCESS_TECHNOLOGIES_COUNT-1];
} Additional_access_technologies_t;
typedef struct
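Review bot: The context comment directly above the changed member still says `ABSOLUTE_MAX_BANDS-1`, a macro this commit deletes, so it now documents a bound that no longer exists in the header. Reword its second line to `MAX_ACCESS_TECHNOLOGIES_COUNT-1 additional access technologies. */` so the comment and the array size agree. The struct begins outside the hunk.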
@@ -1259,7 +1251,7 @@ typedef struct
typedef struct
{
guint8 Count_MS_RA_capability_value; /* Recursive */
- MS_RA_capability_value_t MS_RA_capability_value[ABSOLUTE_MAX_BANDS];
+ MS_RA_capability_value_t MS_RA_capability_value[MAX_ACCESS_TECHNOLOGIES_COUNT];
} MS_Radio_Access_capability_t;
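Review bot: The new size of `MS_RA_capability_value[]` rests on sender-side restrictions ("only one shall be present", "should provide ... not both") that a malformed or hostile message need not follow, and the commit message's own estimate of about 20 bits per value in up to 52 octets allows more than 11 entries. `Count_MS_RA_capability_value` is presumably driven by the received message, and the decoder that fills this array and `Additional_access_technologies[]` (previous hunk) is not part of this diff. It should be confirmed that the decoder stops at `MAX_ACCESS_TECHNOLOGIES_COUNT` (respectively `MAX_ACCESS_TECHNOLOGIES_COUNT-1`) and reports the excess as malformed rather than writing past the array. A member comment such as `/* decoder must not store more than MAX_ACCESS_TECHNOLOGIES_COUNT entries */` would make that contract visible here.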