From cb724a348482848e2cba34c19ac45afad87fbee6 Mon Sep 17 00:00:00 2001 From: Neels Hofmeyr Date: Thu, 11 Aug 2022 15:57:40 +0200 Subject: gtlv: check memory bounds 1/3: encoding TLV Introduce a maximum bound of memory access to the osmo_gtlv API. Properly pass const-ness within the gtlv implementation. This patch adds membof_const(). The following patch will add the non-const membof() equivalent, which is not needed in this patch, yet. Coverity CID#275417 drew my attention to the fact that the gtlv decoding and encoding does not actually guard against access past the end of the decoded struct. We have not yet officially released libosmo-gtlv; also, osmo-upf and osmo-hnbgw so far only use the libosmo-pfcp API, which "hides" the gtlv API. Hence just change the API without a backwards compat shim. Related: CID#275417 Related: SYS#5599 Change-Id: Id8d997c9d5e655ff1842ec69eab6c073875c6330 --- tests/libosmo-gtlv/gtlv_dec_enc_test.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'tests/libosmo-gtlv/gtlv_dec_enc_test.c') diff --git a/tests/libosmo-gtlv/gtlv_dec_enc_test.c b/tests/libosmo-gtlv/gtlv_dec_enc_test.c index e02a2e5..63de266 100644 --- a/tests/libosmo-gtlv/gtlv_dec_enc_test.c +++ b/tests/libosmo-gtlv/gtlv_dec_enc_test.c @@ -387,7 +387,8 @@ void test_enc_dec(const char *label, const struct osmo_gtlv_cfg *cfg, bool order .cfg = cfg, .dst = msgb_alloc(1024, __func__), }; - rc = osmo_gtlvs_encode(&put, (void *)orig, 0, msg_ie_coding, err_cb, &verify_err_cb_data, tag_names); + rc = osmo_gtlvs_encode(&put, (void *)orig, sizeof(*orig), 0, msg_ie_coding, + err_cb, &verify_err_cb_data, tag_names); printf("osmo_gtlvs_encode() rc = %d\n", rc); printf("%s.\n", osmo_hexdump(put.dst->data, put.dst->len)); -- cgit v1.2.3
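Review bot: In the updated osmo_gtlvs_encode() call in test_enc_dec(), the `(void *)orig` cast is kept right next to the new `sizeof(*orig)` bound, so the compiler cannot check that the pointer and the size describe the same object. Since the commit message says const-ness is now passed properly through the gtlv implementation, consider dropping the cast, or casting to a const pointer, if the new signature allows it. This test also passes only the exact struct size, so the new bound is exercised on the in-bounds path alone; a case with a deliberately smaller size that expects an error rc would cover the guard this change introduces.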