cellular-infrastructure
/
osmo-bts
mirror of https://gerrit.osmocom.org/osmo-bts
9
0
Fork 0
Code Issues Releases Wiki Activity
osmo-bts/src/common
History
Pau Espin 54be46949e l1sap: Validate incoming RTP payload, drop bw-efficient AMR 
A recurrent kernel crash in sysmobts (several kernel versions)
corrupting kernel memory in random places has been investigated and
reproduced by placing a call against an MSC sending RTP
with bandwidth-efficient AMR payload to osmo-bts-sysmo.
The osmo-bts-sysmo in turn sends the payload to the femtobts related
kernel modules via a msgq, which most probably fail to handle correctly
this bw-efficient AMR payload and corrupt the kernel memory.

First approach was to drop the bw-efficient AMR payloads lower in the
stack in sysmo specific code (l1if_tch_encode), but as there's no bts
model in osmo-bts actually supporting bw-efficient AMR, let's drop it
early in the incoming path for all models to avoid further problems.

Related: SYS#4063

Change-Id: If0c9233c628c724de4ab74e58e3e2affac79e6d0
 		2018-02-09 13:15:51 +01:00
..
Makefile.am Remove build dependency on legacy OpenBSC 2017-10-08 18:40:09 +02:00
abis.c OML: internalize failure reporting 2017-01-25 13:24:52 +01:00
amr.c Fix some spelling errors 2016-12-22 14:04:22 +00:00
bts.c Fix Downlink AMR FSM name to avoid illegal space character 2017-10-24 18:43:45 +02:00
bts_ctrl_commands.c Add ctrl command to send OML alert 2017-01-25 13:29:03 +01:00
bts_ctrl_lookup.c CTRL: make the CTRL-Interface IP address configurable 2017-01-10 15:45:59 +00:00
cbch.c fix compiler warning: printf format for sizeof() 2016-06-17 15:34:42 +00:00
dtx_dl_amr_fsm.c Fix Downlink AMR FSM name to avoid illegal space character 2017-10-24 18:43:45 +02:00
gsm_data_shared.c Print much more information during 'show lchan' 2018-02-05 23:18:53 +01:00
handover.c Check for suitable lchan type when detecting HO 2017-03-14 14:17:44 +00:00
l1sap.c l1sap: Validate incoming RTP payload, drop bw-efficient AMR 2018-02-09 13:15:51 +01:00
lchan.c cosmetic: common ts_is_pdch() 2016-08-30 07:35:47 +00:00
load_indication.c paging: send CCCH load indications even if paging load below threshold 2012-11-24 22:28:44 +01:00
logging.c scheduler_trx: L1P is for PH (data), L1M for MPH (control) 2017-12-02 21:05:34 +01:00
main.c main.c: bts_main: fix typo in error message 2018-02-08 17:15:01 +00:00
measurement.c measurment.c: Introduce INFO category for DMEAS logging 2017-12-02 21:06:06 +00:00
msg_utils.c Fix AMR HR DTX FSM logic. 2017-02-01 19:13:16 +00:00
oml.c Add helper to get BCC from BSIC 2018-02-07 20:45:22 +01:00
paging.c Fix AGCH/PCH proportional allocation 2016-12-01 15:25:26 +00:00
pcu_sock.c Use existing function to obtain TSC 2018-01-04 11:47:33 +01:00
phy_link.c phy_link: Fix typo in state being printed 2017-05-24 19:26:48 +02:00
power_control.c Remove leftover comments and checks 2017-11-27 16:17:16 +01:00
rsl.c fix nullpointer deref in rsl_tx_mode_modif_nack() 2018-01-26 12:42:10 +01:00
scheduler.c scheduler: Harmonize log line format; Always print TS name + decoded FN 2017-12-02 21:05:34 +01:00
sysinfo.c Ensure we don't send dummy UI frames on BCCH for TC=5 2017-07-15 22:36:10 +02:00
tx_power.c sysmobts: Don't start with 0dBm TRX output power before ramping 2017-04-06 18:41:01 +02:00
vty.c vty: don't print "Bound IP / Port" if it isn't bound [yet] 2018-02-05 23:18:56 +01:00