Osmocom's Base Station Controller for 2G mobile networks
https://osmocom.org/projects/osmobsc
9ed6fd25dd
Currently the inner loop in show_bsc_mgcp iterates of the timeslot interval [0, 31]. Timeslot 0 is not valid, which causes mgcp_timeslot_to_endpoint to generate a corresponding warning and to return an invalid endp value. That value causes an out-of-bound read access, possibly hitting unallocated memory. This patch fixes the loop range by starting with timeslot 1. Note that this does not prevent mgcp_timeslot_to_endpoint from returning an invalid endpoint index when called with arguments not within its domain. Addresses: <000b> ../../include/openbsc/mgcp.h:250 Timeslot should not be 0 [...] vty=0xb4203db0, argc=1, argv=0xbfffebb0) at bsc_nat_vty.c:256 max = 1 con = 0xb4a004f0 i = 0 j = 0 [...] ==15700== ERROR: AddressSanitizer: heap-use-after-free on address 0xb520be4f at pc 0x8062a42 bp 0xbfffeb18 sp 0xbfffeb0c Sponsored-by: On-Waves ehf |
||
---|---|---|
debian | ||
hlrsync | ||
linux-kernel | ||
openbsc | ||
wireshark | ||
.gitignore | ||
README |