authorNeels Hofmeyr <neels@hofmeyr.de>2022-08-11 15:57:40 +0200
committerNeels Janosch Hofmeyr <nhofmeyr@sysmocom.de>2022-08-24 17:04:42 +0200
commitcb724a348482848e2cba34c19ac45afad87fbee6 (patch)
tree10c14d5723317797ad1ba02b8ae6eef515a80b0f /src/libosmo-gtlv/gtlv_gen.c
parentced68154d278b26bf34c062ef4d086b2925c4218 (diff)
gtlv: check memory bounds 1/3: encoding TLV
Introduce a maximum bound of memory access to the osmo_gtlv API. Properly pass const-ness within the gtlv implementation. This patch adds membof_const(). The following patch will add the non-const membof() equivalent, which is not needed in this patch, yet. Coverity CID#275417 drew my attention to the fact that the gtlv decoding and encoding does not actually guard against access past the end of the decoded struct. We have not yet officially released libosmo-gtlv; also, osmo-upf and osmo-hnbgw so far only use the libosmo-pfcp API, which "hides" the gtlv API. Hence just change the API without a backwards compat shim. Related: CID#275417 Related: SYS#5599 Change-Id: Id8d997c9d5e655ff1842ec69eab6c073875c6330
Diffstat (limited to 'src/libosmo-gtlv/gtlv_gen.c')
-rw-r--r--src/libosmo-gtlv/gtlv_gen.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/libosmo-gtlv/gtlv_gen.c b/src/libosmo-gtlv/gtlv_gen.c
index fd3fbd9..9fe4b0c 100644
--- a/src/libosmo-gtlv/gtlv_gen.c
+++ b/src/libosmo-gtlv/gtlv_gen.c
@@ -388,7 +388,8 @@ static void write_c()
"int %s_ies_encode(struct osmo_gtlv_put *gtlv, const union %s_ies *src,\n"
" %s message_type, osmo_gtlv_err_cb err_cb, void *err_cb_data, const struct value_string *iei_strs)\n"
"{\n"
- " return osmo_gtlvs_encode(gtlv, src, 0, %s_get_msg_coding(message_type), err_cb, err_cb_data, iei_strs);\n"
+ " return osmo_gtlvs_encode(gtlv, src, sizeof(*src), 0, %s_get_msg_coding(message_type),\n"
+ " err_cb, err_cb_data, iei_strs);\n"
"}\n",
g_cfg->proto_name, g_cfg->proto_name, g_cfg->message_type_enum ? : "int", g_cfg->proto_name);
printf("\n"
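Review bot: The bound handed to `osmo_gtlvs_encode()` on the added line is `sizeof(*src)`, the size of the whole `union %s_ies`, not the size of the struct that belongs to `message_type`. That keeps reads inside the union object. However, a coding table entry for a smaller message whose offset lies past its own struct but still within the union would presumably pass the new check unnoticed. If that is the intended granularity, I would say so in the generated function, for example by emitting `/* bound is the whole union; per-message struct size is not checked here */` above the `return`. The enclosing `write_c()` starts and ends outside this hunk, so whether `%s_get_msg_coding()` can return NULL for an unknown message type cannot be judged from here.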