cellular-infrastructure
/
osmo-bsc
mirror of https://gerrit.osmocom.org/osmo-bsc
9
0
Fork 0
Code Issues Releases Wiki Activity

[mgcp] Fix two bugs in the protocol handling 

In case of a wrongly formatted AUEP, CRCX, DLCX, MDCX the
transaction id pointer was a dangling pointer... Initialize
the transaction id to a static string..

Also fix a off by one bug. We want to extract four elements
from the MGCP message and not only 3... So a short AUEP message
made it us read too many things.
This commit is contained in:
Holger Hans Peter Freyther 2010-02-26 13:32:55 +01:00
parent 63f2db2ec9
commit a820c5f89d
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openbsc/src/mgcp/mgcp_protocol.c
View File

@ -302,6 +302,8 @@ static int analyze_header(struct mgcp_config *cfg, struct msgb *msg,
{
int found;
*transaction_id = "000000";
if (size < 3) {
LOGP(DMGCP, LOGL_ERROR, "Not enough space in ptr\n");
return -1;
@ -309,7 +311,7 @@ static int analyze_header(struct mgcp_config *cfg, struct msgb *msg,
found = find_msg_pointers(msg, ptr, size);
if (found < 3) {
if (found <= 3) {
LOGP(DMGCP, LOGL_ERROR, "Gateway: Not enough params. Found: %d\n", found);
return -1;
}