osmocom
/
libosmocore
mirror of https://gerrit.osmocom.org/libosmocore
11
0
Fork 0
Code Issues Releases Wiki Activity
libosmocore/src
History
Harald Welte 96c61074f5 tlv_parser: Fix various out-of-bounds accesses 
The libosmocore TLV parser had a number of insufficient bounds checks
leading to reads beyond the end of the respective input buffer.

This patch
* adds proper out-of-bounds checks to all TLV types
* simplifies some of the existing checks
* introduces test cases to test all the corner cases
  where either TAG, or length, or value are not fully contained
  in the input buffer.

Thanks to Ilja Van Sprundel for reporting these problems.

Change-Id: I98b02c914c9e3ecf56050af846292aa6979d7508
 		2021-01-12 23:24:12 +01:00
..
codec codec: Add functions for AMR s->d bits and d->s bits 2020-05-14 14:51:22 +02:00
coding gsm0505_amr_dtx: add missing value strings 2020-05-12 18:13:30 +00:00
ctrl Bump version: 1.1.0.107-afce-dirty → 1.2.0 2019-08-06 18:02:02 +02:00
gb Bump version: 1.3.0.173-51974 → 1.4.0 2020-08-13 11:06:36 +02:00
gsm tlv_parser: Fix various out-of-bounds accesses 2021-01-12 23:24:12 +01:00
pseudotalloc pseudotalloc: Simplistic wrapper of talloc_named() 2019-07-31 10:16:07 +02:00
sim Bump version: 1.3.0.173-51974 → 1.4.0 2020-08-13 11:06:36 +02:00
usb usb: Add osmo_libusb_find_open_claim() all-in-one API 2020-05-12 05:43:21 +00:00
vty vty: Introduce support to set cpu-affinity and scheduler policy 2020-08-10 14:11:18 +00:00
Makefile.am Bump version: 1.3.0.173-51974 → 1.4.0 2020-08-13 11:06:36 +02:00
application.c application.c: drop wrong \references of osmo_init_ignore_signals() 2019-04-25 02:23:52 +07:00
backtrace.c Fix/Update copyright notices; Add SPDX annotation 2017-11-13 01:35:12 +09:00
bitcomp.c bitcomp.c: fix missing Doxygen group closing tag 2019-04-25 02:23:52 +07:00
bits.c bits.c: Use faster look-up-table approach for osmo_revbytebits_{buf,u8} 2020-08-02 11:30:31 +02:00
bitvec.c bitvec: avoid redundant zero-initialization in bitvec_alloc() 2020-02-19 18:33:39 +07:00
context.c context: Add support for [per-thread] global talloc contexts 2019-08-27 13:43:31 +02:00
conv.c conv: prevent theoretical NULL pointer dereference in osmo_conv_encode() 2020-02-09 04:27:47 +07:00
conv_acc.c libomsocoding: NEON viterbi acceleration 2020-08-06 16:47:40 +00:00
conv_acc_generic.c Fix/Update copyright notices; Add SPDX annotation 2017-11-13 01:35:12 +09:00
conv_acc_neon.c libomsocoding: NEON viterbi acceleration 2020-08-06 16:47:40 +00:00
conv_acc_neon_impl.h libomsocoding: NEON viterbi acceleration 2020-08-06 16:47:40 +00:00
conv_acc_sse.c conv_acc: Our code requires SSSE3, not just SSE3 2017-11-17 11:44:22 +01:00
conv_acc_sse_avx.c conv_acc: Our code requires SSSE3, not just SSE3 2017-11-17 11:44:22 +01:00
conv_acc_sse_impl.h Fix/Update copyright notices; Add SPDX annotation 2017-11-13 01:35:12 +09:00
counter.c counters: add osmo_counters_count() returns the amount of counters 2017-12-05 16:06:27 +01:00
crc16.c Fix/Update copyright notices; Add SPDX annotation 2017-11-13 01:35:12 +09:00
crcXXgen.c.tpl Fix/Update copyright notices; Add SPDX annotation 2017-11-13 01:35:12 +09:00
exec.c exec: osmo_system_nowait2: initalize *pw pointer with NULL 2020-05-12 11:03:51 +00:00
fsm.c fsm: refuse state chg and events after term 2019-10-29 17:28:30 +01:00
gsmtap_util.c Revert "gsmtap_makemsg_ex: NULL for unknown chan_type" 2020-07-09 11:43:48 +00:00
isdnhdlc.c isdnhdlc: Port from kernel to userspace 2018-05-11 21:57:46 +02:00
logging.c logging: do not allow multiple calls of log_init() 2020-05-12 17:51:25 +02:00
logging_gsmtap.c logging_gsmtap.c: document all params of log_target_create_gsmtap() 2019-03-27 08:56:21 +01:00
logging_syslog.c Fix/Update copyright notices; Add SPDX annotation 2017-11-13 01:35:12 +09:00
loggingrb.c Fix/Update copyright notices; Add SPDX annotation 2017-11-13 01:35:12 +09:00
macaddr.c osmo_get_macaddr: Fix buffer read out of bounds 2018-04-18 08:57:56 +00:00
msgb.c make all library-internal static buffers thread-local 2019-06-04 10:47:30 +02:00
msgfile.c memleak: osmo_config_list_parse: getline() needs free also on error 2017-11-18 10:30:57 +00:00
panic.c osmo_panic(): Annotate as __attribute__ ((noreturn)) 2018-06-29 20:32:57 +02:00
plugin.c Fix/Update copyright notices; Add SPDX annotation 2017-11-13 01:35:12 +09:00
prbs.c Fix/Update copyright notices; Add SPDX annotation 2017-11-13 01:35:12 +09:00
prim.c Fix/Update copyright notices; Add SPDX annotation 2017-11-13 01:35:12 +09:00
rate_ctr.c rate_ctr: Add functions to reset rate counter (groups) 2020-07-17 16:41:31 +00:00
rbtree.c Fix/Update copyright notices; Add SPDX annotation 2017-11-13 01:35:12 +09:00
select.c Drop old BSC references in fd check configure option 2020-05-11 17:24:16 +00:00
sercomm.c Fix/Update copyright notices; Add SPDX annotation 2017-11-13 01:35:12 +09:00
serial.c cosmetic: clarify c_iflag in osmo_serial_init() 2019-09-28 13:00:48 +02:00
signal.c Revert "signal.c: Make non-exported tall_sigh_ctx static" 2019-03-22 13:25:01 +01:00
sockaddr_str.c osmo_sockaddr_str: deprecate osmo_sockaddr_str_*_32n() 2019-11-24 19:59:35 +01:00
socket.c osmo_sock_init2: improve support for AF_UNSPEC 2020-08-06 16:41:20 +00:00
stat_item.c stat_item: Add function to reset stat items and groups 2020-07-17 16:41:31 +00:00
stats.c stats: Add stats commands related to testing 2020-07-17 16:41:31 +00:00
stats_statsd.c statsd: fix rendering for groups with idx==0 2020-05-10 00:32:44 +03:00
strrb.c Fix/Update copyright notices; Add SPDX annotation 2017-11-13 01:35:12 +09:00
tdef.c tdef: Return correct snprintf value for osmo_tdef_range_str_buf() 2019-10-18 09:20:58 +00:00
timer.c timer.c: make timers thread safe 2020-04-19 02:21:05 +02:00
timer_clockgettime.c Fix embedded (arm-none-eabi) builds 2018-06-28 10:30:34 +02:00
timer_gettimeofday.c timer: Document osmo_gettimeofday API 2018-03-01 12:33:03 +00:00
use_count.c add osmo_use_count API 2019-04-08 13:47:17 +00:00
utils.c add osmo_mobile_identity API 2020-06-16 15:17:48 +02:00
write_queue.c select: Rename BSC_FD_* constants to OSMO_FD_* 2019-03-21 16:02:01 +00:00