Add explicit check for SI2quater index and count
diff mbox

Message ID 1458144712-16068-1-git-send-email-msuraev@sysmocom.de
State Superseded
Headers show

Commit Message

Max March 16, 2016, 4:11 p.m. UTC
From: Max <msuraev@sysmocom.de>

Right now we do not support multiple SI2quater messages, so return error
if either index or count is non-zero.
---
 src/common/rsl.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

Comments

Harald Welte March 16, 2016, 6:50 p.m. UTC | #1
Hi Max,

On Wed, Mar 16, 2016 at 05:11:52PM +0100, msuraev@sysmocom.de wrote:
> +				LOGP(DRSL, LOGL_ERROR,
> +				     " Rx RSL SI2quater witn unsupported index %u, count %u\n",

please watch the line length, thanks.

Patch
diff mbox

diff --git a/src/common/rsl.c b/src/common/rsl.c
index a503355..ed8cced 100644
--- a/src/common/rsl.c
+++ b/src/common/rsl.c
@@ -298,9 +298,10 @@  static int rsl_rx_bcch_info(struct gsm_bts_trx *trx, struct msgb *msg)
 {
 	struct gsm_bts *bts = trx->bts;
 	struct tlv_parsed tp;
-	uint8_t rsl_si;
+	uint8_t rsl_si, si2q_index, si2q_count;
 	enum osmo_sysinfo_type osmo_si;
-
+	struct gsm48_system_information_type_2quater *si2q;
+	struct bitvec bv;
 	rsl_tlv_parse(&tp, msgb_l3(msg), msgb_l3len(msg));
 
 	/* 9.3.30 System Info Type */
@@ -327,6 +328,22 @@  static int rsl_rx_bcch_info(struct gsm_bts_trx *trx, struct msgb *msg)
 			TLVP_VAL(&tp, RSL_IE_FULL_BCCH_INFO), len);
 		LOGP(DRSL, LOGL_INFO, " Rx RSL BCCH INFO (SI%s)\n",
 			get_value_string(osmo_sitype_strs, osmo_si));
+
+		if (SYSINFO_TYPE_2quater == osmo_si) {
+			si2q = (struct gsm48_system_information_type_2quater *)
+				bts->si_buf[SYSINFO_TYPE_2quater];
+			bv.data = si2q->rest_octets;
+			bv.data_len = 20;
+			bv.cur_bit = 3;
+			si2q_index = (uint8_t) bitvec_get_uint(&bv, 4);
+			si2q_count = (uint8_t) bitvec_get_uint(&bv, 4);
+			if (si2q_index || si2q_count) {
+				LOGP(DRSL, LOGL_ERROR,
+				     " Rx RSL SI2quater witn unsupported index %u, count %u\n",
+				     si2q_index, si2q_count);
+				return rsl_tx_error_report(trx, RSL_ERR_IE_CONTENT);
+			}
+		}
 	} else if (TLVP_PRESENT(&tp, RSL_IE_L3_INFO)) {
 		uint16_t len = TLVP_LEN(&tp, RSL_IE_L3_INFO);
 		if (len > sizeof(sysinfo_buf_t))