cellular-infrastructure
/
osmo-bsc
mirror of https://gerrit.osmocom.org/osmo-bsc
9
0
Fork 0
Code Issues Releases Wiki Activity

gprs_llc: Prevent llme_alloc/lle_init from reading invalid memory 

Make the llc_default_params structure from which data is initialized
large enough. Otherwise address sanitizer complains with out-of-bounds
reads.

Only SAPIs 1, 2, 3, 5, 7, 8, 9, 11 are defined for GPRS but the
struct gprs_llc_llme includes NUM_SAPIS lle's and they are populated
from the llc_default_params structure.
This commit is contained in:
Daniel Willmann 2014-06-27 17:05:48 +02:00 committed by Holger Hans Peter Freyther
parent 8a485f0bec
commit 46d13268b8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openbsc/src/gprs/gprs_llc.c
View File

@ -84,7 +84,7 @@ static int _bssgp_tx_dl_ud(struct msgb *msg, struct sgsn_mm_ctx *mmctx)
/* Section 8.9.9 LLC layer parameter default values */
static const struct gprs_llc_params llc_default_params[] = {
static const struct gprs_llc_params llc_default_params[NUM_SAPIS] = {
[1] = {
.t200_201 = 5,
.n200 = 3,