cellular-infrastructure
/
osmo-bts
mirror of https://gerrit.osmocom.org/osmo-bts
9
0
Fork 0
Code Issues Releases Wiki Activity

rsl: refactor handling of RSL_IE_MR_CONFIG 

- get rid of gsm_lchan::mr_bts_lv, it's never used anyway,
  - check IE length in amr_parse_mr_conf() before parsing,
  - check return code of amr_parse_mr_conf().

Change-Id: Ibfd5845ea429945b352dd14421e86562998d65ca
This commit is contained in:
Vadim Yanitskiy 2020-06-05 01:57:52 +07:00
parent 301b218509
commit ffe5a8d8b8
3 changed files with 20 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
include/osmo-bts/gsm_data_shared.h
View File

@ -157,9 +157,6 @@ struct gsm_lchan {
uint8_t key[MAX_A5_KEY_LEN];
} encr;
/* AMR bits */
uint8_t mr_bts_lv[7];
struct {
uint32_t bound_ip;
uint32_t connect_ip;

11
src/common/amr.c
View File

@ -78,13 +78,16 @@ void amr_set_mode_pref(uint8_t *data, const struct amr_multirate_conf *amr_mrc,
int amr_parse_mr_conf(struct amr_multirate_conf *amr_mrc,
const uint8_t *mr_conf, unsigned int len)
{
uint8_t mr_version = mr_conf[0] >> 5;
uint8_t num_codecs = 0;
int i, j = 0;
if (mr_version != 1) {
LOGP(DRSL, LOGL_ERROR, "AMR Multirate Version %u unknown\n",
mr_version);
if (len < 2) {
LOGP(DRSL, LOGL_ERROR, "AMR Multirate IE is too short (%u)\n", len);
goto ret_einval;
}
if ((mr_conf[0] >> 5) != 1) {
LOGP(DRSL, LOGL_ERROR, "AMR Multirate Version %u unknown\n", (mr_conf[0] >> 5));
goto ret_einval;
}

27
src/common/rsl.c
View File

@ -1209,17 +1209,16 @@ static int rsl_rx_chan_activ(struct msgb *msg)
}
/* 9.3.52 MultiRate Configuration */
if (TLVP_PRESENT(&tp, RSL_IE_MR_CONFIG)) {
if (TLVP_LEN(&tp, RSL_IE_MR_CONFIG) > sizeof(lchan->mr_bts_lv) - 1) {
rc = amr_parse_mr_conf(&lchan->tch.amr_mr,
TLVP_VAL(&tp, RSL_IE_MR_CONFIG),
TLVP_LEN(&tp, RSL_IE_MR_CONFIG));
if (rc < 0) {
LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "Error parsing MultiRate conf IE\n");
rsl_tx_error_report(msg->trx, RSL_ERR_IE_CONTENT, &dch->chan_nr, NULL, msg);
return rsl_tx_chan_act_acknack(lchan, RSL_ERR_IE_CONTENT);
}
memcpy(lchan->mr_bts_lv, TLVP_VAL(&tp, RSL_IE_MR_CONFIG) - 1,
TLVP_LEN(&tp, RSL_IE_MR_CONFIG) + 1);
amr_parse_mr_conf(&lchan->tch.amr_mr, TLVP_VAL(&tp, RSL_IE_MR_CONFIG),
TLVP_LEN(&tp, RSL_IE_MR_CONFIG));
amr_log_mr_conf(DRTP, LOGL_DEBUG, gsm_lchan_name(lchan),
&lchan->tch.amr_mr);
amr_log_mr_conf(DRTP, LOGL_DEBUG, gsm_lchan_name(lchan), &lchan->tch.amr_mr);
lchan->tch.last_cmr = AMR_CMR_NONE;
}
/* 9.3.53 MultiRate Control */
@ -1556,6 +1555,7 @@ static int rsl_rx_mode_modif(struct msgb *msg)
struct gsm_lchan *lchan = msg->lchan;
struct rsl_ie_chan_mode *cm;
struct tlv_parsed tp;
int rc;
rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
@ -1588,17 +1588,16 @@ static int rsl_rx_mode_modif(struct msgb *msg)
/* 9.3.52 MultiRate Configuration */
if (TLVP_PRESENT(&tp, RSL_IE_MR_CONFIG)) {
if (TLVP_LEN(&tp, RSL_IE_MR_CONFIG) > sizeof(lchan->mr_bts_lv) - 1) {
rc = amr_parse_mr_conf(&lchan->tch.amr_mr,
TLVP_VAL(&tp, RSL_IE_MR_CONFIG),
TLVP_LEN(&tp, RSL_IE_MR_CONFIG));
if (rc < 0) {
LOGPLCHAN(lchan, DRSL, LOGL_ERROR, "Error parsing MultiRate conf IE\n");
rsl_tx_error_report(msg->trx, RSL_ERR_IE_CONTENT, &dch->chan_nr, NULL, msg);
return rsl_tx_mode_modif_nack(lchan, RSL_ERR_IE_CONTENT);;
}
memcpy(lchan->mr_bts_lv, TLVP_VAL(&tp, RSL_IE_MR_CONFIG) - 1,
TLVP_LEN(&tp, RSL_IE_MR_CONFIG) + 1);
amr_parse_mr_conf(&lchan->tch.amr_mr, TLVP_VAL(&tp, RSL_IE_MR_CONFIG),
TLVP_LEN(&tp, RSL_IE_MR_CONFIG));
amr_log_mr_conf(DRTP, LOGL_DEBUG, gsm_lchan_name(lchan),
&lchan->tch.amr_mr);
amr_log_mr_conf(DRTP, LOGL_DEBUG, gsm_lchan_name(lchan), &lchan->tch.amr_mr);
lchan->tch.last_cmr = AMR_CMR_NONE;
}
/* 9.3.53 MultiRate Control */