cellular-infrastructure
/
osmo-sgsn
mirror of https://gerrit.osmocom.org/osmo-sgsn
9
0
Fork 0
Code Issues Releases Wiki Activity

[system_information] Initialize the buffer before moving it 

In the case of ipaccess we are doing a ++output but then still
try to write 23 bytes into it and on my system this is leading
to a stack corruption.
This commit is contained in:
Holger Hans Peter Freyther 2010-01-06 07:52:55 +01:00
parent 88ca894df7
commit 8d123ea3c0
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
openbsc/src/system_information.c
View File

@ -319,6 +319,8 @@ static int generate_si5(u_int8_t *output, struct gsm_bts *bts)
struct gsm48_system_information_type_5 *si5;
int rc, l2_plen = 18;
memset(output, GSM_MACBLOCK_PADDING, GSM_MACBLOCK_LEN);
/* ip.access nanoBTS needs l2_plen!! */
if (is_ipaccess_bts(bts)) {
*output++ = (l2_plen << 2) | 1;
@ -326,7 +328,6 @@ static int generate_si5(u_int8_t *output, struct gsm_bts *bts)
}
si5 = (struct gsm48_system_information_type_5 *) output;
memset(si5, GSM_MACBLOCK_PADDING, GSM_MACBLOCK_LEN);
/* l2 pseudo length, not part of msg: 18 */
si5->rr_protocol_discriminator = GSM48_PDISC_RR;
@ -345,6 +346,8 @@ static int generate_si6(u_int8_t *output, struct gsm_bts *bts)
struct gsm48_system_information_type_6 *si6;
int l2_plen = 11;
memset(output, GSM_MACBLOCK_PADDING, GSM_MACBLOCK_LEN);
/* ip.access nanoBTS needs l2_plen!! */
if (is_ipaccess_bts(bts)) {
*output++ = (l2_plen << 2) | 1;
@ -352,7 +355,6 @@ static int generate_si6(u_int8_t *output, struct gsm_bts *bts)
}
si6 = (struct gsm48_system_information_type_6 *) output;
memset(si6, GSM_MACBLOCK_PADDING, GSM_MACBLOCK_LEN);
/* l2 pseudo length, not part of msg: 11 */
si6->rr_protocol_discriminator = GSM48_PDISC_RR;