osmo-msc/openbsc/src
Daniel Willmann 1fc8ec66a3 smpp_smsc: Fix integer overflow in read return value and msgb_alloc()
The size parameter of msgb_alloc is uint16_t so any length value above
65535 will allocate a msgb with incorrect size.

This patch changes the type of rdlen and rc to ssize_t (the return value
of read) and guards against the read length being larger than
UINT16_MAX.

To reproduce the issue run:
echo -en "\x00\x01\x00\x01\x01" |socat stdin tcp:localhost:2775
2014-03-06 23:20:30 +01:00
gprs gbproxy: The "[stats]" option was not documented, document it 2013-11-03 17:34:17 +01:00
ipaccess build: Remove bogus depends from ipaccess-config 2013-12-13 10:18:32 +01:00
libbsc libbsc: Add command to set MNC/MCC and apply it if something changed 2014-03-04 20:38:49 +01:00
libcommon vty: Use vty_install_default() instead of bsc_install_default() 2013-10-30 15:19:00 +01:00
libctrl ctrl: Set a generic reply when it hasn't been set 2013-09-16 14:07:20 +02:00
libgb Makefile.am: Use AM_CPPFLAGS 2013-06-12 09:16:27 +02:00
libmgcp mgcp/rtp: Base jitter calculation on input timestamps 2014-01-31 11:45:25 +01:00
libmsc smpp_smsc: Fix integer overflow in read return value and msgb_alloc() 2014-03-06 23:20:30 +01:00
libtrau Add function to update TRAU muxer after assignment or handover 2014-01-27 14:39:06 +01:00
osmo-bsc bsc: Include the MCC/MNC in the location trap 2014-03-04 20:39:16 +01:00
osmo-bsc_mgcp mgcp: Send RTP keepalive dummy packets to net 2014-01-16 13:20:51 +01:00
osmo-bsc_nat nat: Introduce command to remove an access-list-name 2014-03-04 20:39:38 +01:00
osmo-nitb nitb: Add a test for "show network" in the python testsuite. 2014-03-06 17:31:23 +01:00
utils smpp_mirror: Initialize rc when cmd_id is not DELIVER_SM 2013-12-12 16:20:01 +01:00
Makefile.am Makefile.am: Use AM_CPPFLAGS 2013-06-12 09:16:27 +02:00