paulmataruso/osmo-mgw
1
0
Fork 0
mirror of https://gitea.osmocom.org/cellular-infrastructure/osmo-mgw.git synced 2025-11-02 13:03:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

[rsl] Speculative crash fix in the RSL rcv message

Browse Source 
The theory is that the BTS is almost dead and sends out
a incomplete message and we crash with that. I have not
been able to completely verify that.
This commit is contained in:
Holger Hans Peter Freyther
2009-11-20 15:14:01 +01:00
parent d55a4dc326
commit c88fb75616
1 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
openbsc/src/abis_rsl.c
View File

@@ -1563,9 +1563,21 @@ static int abis_rsl_rx_ipacc(struct msgb *msg)
/* Entry-point where L2 RSL from BTS enters */
int abis_rsl_rcvmsg(struct msgb *msg)
{
struct abis_rsl_common_hdr *rslh = msgb_l2(msg) ;
struct abis_rsl_common_hdr *rslh;
int rc = 0;
if (!msg) {
DEBUGP(DRSL, "Empty RSL msg?..\n");
return -1;
}
if (msgb_l2len(msg) < sizeof(*rslh)) {
DEBUGP(DRSL, "Truncated RSL message with l2len: %u\n", msgb_l2len(msg));
return -1;
}
rslh = msgb_l2(msg);
switch (rslh->msg_discr & 0xfe) {
case ABIS_RSL_MDISC_RLL:
rc = abis_rsl_rx_rll(msg);