authorStefan Sperling <ssperling@sysmocom.de>2018-11-22 12:22:48 +0100
committerStefan Sperling <ssperling@sysmocom.de>2018-11-22 12:23:53 +0100
commit81c97ff632651717d70dc3fb859d14a3ce91424e (patch)
treea96ec66b3dba24e02ed1d489c6ba39a21df9e2f6
parenteefb70df2c6aa7b1362d5e8decf52af3ff95ecb9 (diff)
consistently check the result of osmo_shift_v_fixed()
Coverity points out we forgot to check the return value of osmo_shift_v_fixed() in some places. Add checks which verify the expected length of data which is skipped by the parser. Change-Id: I20406f411810e966443d6fd5a4620b9a66cd9809 Related: CID#135160
-rw-r--r--src/gprs/gprs_gb_parse.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/src/gprs/gprs_gb_parse.c b/src/gprs/gprs_gb_parse.c
index 18565ae6..93b90a26 100644
--- a/src/gprs/gprs_gb_parse.c
+++ b/src/gprs/gprs_gb_parse.c
@@ -46,7 +46,8 @@ static int gprs_gb_parse_gmm_attach_req(uint8_t *data, size_t data_len,
/* Skip Attach type */
/* Skip Ciphering key sequence number */
/* Skip DRX parameter */
- osmo_shift_v_fixed(&data, &data_len, 3, NULL);
+ if (osmo_shift_v_fixed(&data, &data_len, 3, NULL) < 3)
+ return 0;
/* Get Mobile identity */
if (osmo_shift_lv(&data, &data_len, &value, &value_len) <= 0 ||
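Review bot: The skip length is written twice in each added check, here as `osmo_shift_v_fixed(&data, &data_len, 3, NULL) < 3`, so the two literals can drift apart in a later edit without any compiler warning. The same pattern recurs in the attach_ack, ra_upd_req, ra_upd_ack and act_pdp_req hunks with 3, 1, 2 and 2. The context lines of those hunks already test the same function with `<= 0`. Assuming it returns the consumed length on success and a negative value on a short buffer, `if (osmo_shift_v_fixed(&data, &data_len, 3, NULL) <= 0)` would keep one idiom in the file and one literal per call. The function body starts and ends outside the hunk.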
@@ -82,7 +83,8 @@ static int gprs_gb_parse_gmm_attach_ack(uint8_t *data, size_t data_len,
/* Skip Periodic RA update timer */
/* Skip Radio priority for SMS */
/* Skip Spare half octet */
- osmo_shift_v_fixed(&data, &data_len, 3, NULL);
+ if (osmo_shift_v_fixed(&data, &data_len, 3, NULL) < 3)
+ return 0;
if (osmo_shift_v_fixed(&data, &data_len, 6, &value) <= 0)
return 0;
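Review bot: The added early `return 0` for a too-short message gives the caller the same result as the existing `<= 0` path directly below it, so a truncated Attach Accept cannot be told apart from any other parse failure. Whether the caller records this is not visible in the hunk. If it does not, a debug-level log line or a counter on this path would help when diagnosing malformed input, which presumably arrives from the Gb interface. At minimum, a comment such as `/* message shorter than the fixed part: give up */` above the new `return 0;` would document the intent. The same applies to the other four added checks.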
@@ -170,7 +172,8 @@ static int gprs_gb_parse_gmm_ra_upd_req(uint8_t *data, size_t data_len,
/* Skip Update type */
/* Skip GPRS ciphering key sequence number */
- osmo_shift_v_fixed(&data, &data_len, 1, NULL);
+ if (osmo_shift_v_fixed(&data, &data_len, 1, NULL) < 1)
+ return 0;
if (osmo_shift_v_fixed(&data, &data_len, 6, &value) <= 0)
return 0;
@@ -221,7 +224,8 @@ static int gprs_gb_parse_gmm_ra_upd_ack(uint8_t *data, size_t data_len,
/* Skip Force to standby */
/* Skip Update result */
/* Skip Periodic RA update timer */
- osmo_shift_v_fixed(&data, &data_len, 2, NULL);
+ if (osmo_shift_v_fixed(&data, &data_len, 2, NULL) < 2)
+ return 0;
if (osmo_shift_v_fixed(&data, &data_len, 6, &value) <= 0)
return 0;
@@ -299,7 +303,8 @@ static int gprs_gb_parse_gsm_act_pdp_req(uint8_t *data, size_t data_len,
/* Skip Requested NSAPI */
/* Skip Requested LLC SAPI */
- osmo_shift_v_fixed(&data, &data_len, 2, NULL);
+ if (osmo_shift_v_fixed(&data, &data_len, 2, NULL) < 2)
+ return 0;
/* Skip Requested QoS (support 04.08 and 24.008) */
if (osmo_shift_lv(&data, &data_len, NULL, &value_len) <= 0 ||