vty_test: add test against ambiguous cmd causing use-after-free and memory
leaks. Add this test along with the fix, because the new test triggers the
memory use-after-free and leaks, causing build failures.
Add cmd_deopt_with_ctx() to allow passing a specific talloc ctx.
is_cmd_ambiguous(): keep all cmd_deopt() allocations until the function exits.
Add a comment explaining why. Before this, if a command matched an optional
"[arg]" with square brackets, we would keep it in local var 'matched', but we
would free the string it points to at the end of that loop iteration; upon
encountering another match, we would attempt to strcmp against the freed
'matched'. Instead of adding hard-to-read and -verify free/alloc dances to keep
the 'matched' accurately freed/non-freed/..., just keep all cmd_deopt() string
allocated until done.
Needless to say that this should have been implemented on a lower level upon
inventing optional args, but at least this is fixing a program crash.
Related: OS#33903390
Change-Id: Ia71ba742108b5ff020997bfb612ad5eb30d04fcd
The conv_gen.py utility was tested against both Python 2 and 3,
so there is no need to enforce Python 2. Also, having:
#!/usr/local/bin/python{2|3}
is a bad idea, because Python may be installed in a different location.
Change-Id: I6007d481047b584db13d6eda70fb99f11f9ddaa1
In Change-Id I5a70eb65952cbc329bf96eacb428b07a9da32433 we redirected
all OSMO_ASSERT() via osmo_panic(). However, this caused various
applications to have build failures, as OSMO_ASSERT() now appeared
to be able to return to the call site. Let's inform the compiler
explicitly that there's no return from osmo_panic().
Change-Id: I8adf4c7b0ee6a4581cef8dd4e9f6a1dfde70ee55
A loooong time ago, we introduced osmo_panic() as a wrapper around
abort(). The advantage is, that this wrapper can be overridden, and
that it will also work in embedded (bare iron) targets, where the
abort simply translates to an infinite loop.
Change-Id: I5a70eb65952cbc329bf96eacb428b07a9da32433
The jenkins build job used to call this script using an "arch"
it doesn't understand. This should have resulted in an error,
but it didn't as there was a missing "exit 1" statement :(
Related: OS#3360
Change-Id: Ib27c9ebaf2630c432b1923f8e14b36e7772a6033
The jenkins build job is calling the script using "amd64" and
"arm-none-eabi", while the script expects "amd64" and "arm".
Let's add "arm-none-eabi" as an alias for "arm".
Closes: OS#3360
Change-Id: Idedd4778a63d67cdbf4f4d538bf4a225abb7547a
Due to OS#3360, build testing for arm-none-eabi was unfortunately
skipped for a long time. This is a number of fixes that make the
compile test pass again.
Related: OS#3360
Change-Id: I88e3c8e1a8786ca2a6a023b0d27c74be200a8588
Return "invalid mandatory information" error status to
the sender in case bssgp_tlv_parse() failed.
To avoid loops, do not respond with an error status to
STATUS PDUs which failed parsing.
Change-Id: If73719b75a94d6742bdefc9b6572525cb00a96ee
Related: OS#3178
The return code from bssgp_tlv_parse() was not checked for a parsing
error. In case of a parsing error the stored return code could have
been overwritten later in this function.
Explicitly check for a parsing error and log corresponding packets.
Change-Id: Id3d7c52ec3df2bcf4efcee0e0b14fe22ef96964e
Related: OS#3178
Add:
gsm0808_create_handover_detect()
gsm0808_create_handover_complete()
gsm0808_create_handover_failure()
To existing structs gsm0808_old_bss_to_new_bss_info and
gsm0808_handover_required, add a final 'more_items' flag that makes future
extensions API and ABI compatible.
Fix the msgb string for Handover Request Ack.
Extend some API doc comments.
Related: OS#2283 (inter-BSC Handover, BSC side, MT)
Change-Id: I03ee7ce840ecfa0b6a33358e7385528aabd4873f
In Change-Id I1cee271fed0284a134ffed103c0d4bebbcfde2a8 we added support
for a new session state IE, but we didn't add any value_string array
for string conversion of it. Let's fix this.
Change-Id: I3d9f087786dc37c42498fa9a2be07483ec93ba7b
This function can be used to resolve the error message type for
a given message type. Can be used by generic error handlers that
work for any incoming message type.
Change-Id: Ic637bec53dd7fe3ec83da99b49b4eae34d5602b2
This function can be used when there is only a part of GSM 04.80
message available - Facility IE, e.g. when a message is carried
over GSUP/MAP. Let's expose it.
Refactoring includes the following:
- adding the 'gsm0480_' prefix;
- correcting inverted return value;
- cosmetic code style changes.
Change-Id: I623c39ffbe6cdee65eade8435a2faa04d0da193e
In some cases, there is no need to parse the whole message,
e.g. during the conversion from DTAP to GSUP/MAP. This
function can be used to extract given IE from a message.
Change-Id: I3989d061903352473305f80712f1a1560d05df3d
This function permits the user to register deprecated log categories,
which will ensure that if log categories are removed from a program,
old config files will still load.
We simply dynamically allocate a cmd_element and install it at
CFG_LOG_NODE. Not registering it at VIEW_NODE or ENABLE_NODE
ensures that it's not accessible from the interactive VTY, but only
from the config file / configure node.
Change-Id: I171f62ea2dc565b3a6c3eecd27fb7853e2529598
The general idea about each osmo_fsm_instance having a separate
log-level was to be able to selectively increase/show/enable logging
for some FSM instances (e.g. of a particular subscriber) while
maintaining normal logging verbosity for all other instances of the
same FSM.
The introduction of LOGPFSML() in Change-Id
If295fdabb3f31a0fd9490d1e0df57794c75ae547 broke that idea, as it would
use a compile-time log level, irrespective of the
osmo_fsm_inst.log_level setting of the given instance.
Let's combine the two:
Use the explicit level stated at LOGPFSML(), _unless_ this instance
has a higher log_level configured.
This way, all FSMs should normally be created with
osmo_fsm_inst.log_level == LOGL_DEBUG. At that point LOGPFSM()
statements would be rendered at debug level, typically below the
threshold of most logging configurations.
Code that has explicit higher log levels like LOGPFSML(fi, LOGL_ERROR)
would always be printed, as it is an error message.
And if we now increase the osmo_fsm_inst.log_level, then even the normal
LOGPFSM() statements would suddenly be logged at that higher level,
selectively increasing log verbosity - like originally intended.
Change-Id: I1820f04d0c6f5d5ff08eb95b8c0e88764534491a
In order to be able to transfer SS/USSD messages via GSUP,
this change introduces the following new message types:
- OSMO_GSUP_MSGT_PROC_SS_*,
and the following new IE:
- OSMO_GSUP_SS_INFO_IE
which represents an ASN.1 encoded MAP payload coming to/from
the mobile station 'as is', without any transcoding.
Change-Id: Ie17a78043a35fffbdd59e80fd2b2da39cce5e532
Related: OS#1597
Unlike TCAP/MAP, GSUP is just a transport layer without the
dialogue/context. This prevents us from having session based
communication, required e.g. for USSD. But we can emulate
TCAP dialogue by adding additional IEs, which would allow
to relate each message to a particular session.
This change introduces the following IEs:
- OSMO_GSUP_SESSION_ID_IE,
- OSMO_GSUP_SESSION_STATE_IE,
which optionally can be used to indicate that the message is
related to a session with given ID, and to manage session
state, i.e. initiate, continue, and finish.
Change-Id: I1cee271fed0284a134ffed103c0d4bebbcfde2a8
Related: OS#1597
According to the 3GPP TS 04.80, table 2.5 'Release complete', a
RELEASE_COMPLETE message may containg optional FACILITY element.
Meanwhile, the 0xff byte is used to indicate that there is no
decoded message (legacy field). Let's avoid overwriting of
a decoded message.
Change-Id: I0c85292222749a48ca0c4b2e93f4fa2d61468c18
The idea is to be able to add a gsm0808_cell_id to a gsm0808_cell_id_list2:
first convert it to a list, then re-use gsm0808_cell_id_list_add(). It will be
used by osmo-bsc to manage neighbor-BSS cell identifiers from VTY.
Change-Id: Ibf746ac60b1b1e920baf494b396658a5ceabd788
There are some symbols for use between control_cmd.c and control_if.c,
which are not supposed to be exported publicly. Let's make sure we
keep those symbols local.
Change-Id: Ia85f36a9c4b2ebf4003718e0a230959638370320
Add a new VTY command which shows all rate counters registered
with libosmocore.
Change-Id: Id60a5aa2d961ae99cddf1e776358a5517dbc573d
Depends: Idb3ec12494ff6a3a05efcc8818e78d1baa6546bd
Related: OS#3245
This new function can be used to print a rate counter group according
to a format string. The intention is to generalize and replace manual
printing of counters as implemented for the 'show statistics' VTY
command of osmo-bsc.
Related: OS#3245
Related: osmo-bsc commit 71d524c059c5a5c90e7cb77d8a2134c1c68b9cde (g#9217)
Change-Id: Idb3ec12494ff6a3a05efcc8818e78d1baa6546bd
For some strange reason, the osmo_mncc_name() inline function
was not in the mncc.h header, but in the mncc.c file. Let's fix that.
Change-Id: I2c3666510c981dffa4ba25bed517fd7ebd1250f5
Fixes following AddressSanitizer report during gea_test run with gcc
8.1.0:
==8899==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7ffc5f1719bb at pc 0x7fe574adc5fe bp 0x7ffc5f171460 sp 0x7ffc5f171450
WRITE of size 1 at 0x7ffc5f1719bb thread T0
#0 0x7fe574adc5fd in osmo_store64be_ext ../../include/osmocom/core/bit64gen.h:75
#1 0x7fe574adc649 in osmo_store64be ../../include/osmocom/core/bit64gen.h:104
#2 0x7fe574ade936 in _kasumi_kgcore libosmocore/src/gsm/kasumi.c:186
#3 0x7fe574ae2532 in gea4 libosmocore/src/gsm/gea.c:44
#4 0x7fe574ae266c in gea3 libosmocore/src/gsm/gea.c:60
#5 0x7fe574a9b616 in gprs_cipher_run libosmocore/src/gsm/gprs_cipher_core.c:95
#6 0x56422d3fb2ee in test_gea libosmocore/tests/gea/gea_test.c:29
#7 0x56422d3fb506 in main libosmocore/tests/gea/gea_test.c:49
#8 0x7fe5730f406a in __libc_start_main (/usr/lib/libc.so.6+0x2306a)
#9 0x56422d3fadf9 in _start (libosmocore/tests/gea/.libs/lt-gea_test+0x1df9)
The kasumi_test is updated to calculate the entire array of bits
according to expected result. Before this commit it worked by writing
the entire last 64bit block, and addressSanitizer cannot catch it
because the allocated buffer is 64bit aligned too.
Change-Id: I7b2a0224a3b5527d5a3ad7e17efc73081b63eac1
Before this patch, osmo_hexdump is called stacked in th esame printf
function. As a result, the first returned buffer is overwriten by the
second, which means the printed buffers will show as the same always.
Change-Id: I364328a59da31537c6c9b969e34edd360b685081
Neels Hofmeyr
Harald Welte
Pau Espin
Daniel Willmann
Keith Whyte