[GPRS] NS: correctly pass the NS payload length to the TLV parser
diff --git a/openbsc/src/gprs/gprs_ns.c b/openbsc/src/gprs/gprs_ns.c
index c5cf962..3db1d67 100644
--- a/openbsc/src/gprs/gprs_ns.c
+++ b/openbsc/src/gprs/gprs_ns.c
@@ -564,7 +564,8 @@
LOGP(DNS, LOGL_NOTICE, "NSEI=%u Rx NS STATUS ", nsvc->nsei);
- rc = tlv_parse(&tp, &ns_att_tlvdef, nsh->data, msgb_l2len(msg), 0, 0);
+ rc = tlv_parse(&tp, &ns_att_tlvdef, nsh->data,
+ msgb_l2len(msg) - sizeof(*nsh), 0, 0);
if (rc < 0) {
LOGPC(DNS, LOGL_NOTICE, "Error during TLV Parse\n");
LOGP(DNS, LOGL_ERROR, "NSEI=%u Rx NS STATUS: "
@@ -592,7 +593,8 @@
uint16_t *nsvci, *nsei;
int rc;
- rc = tlv_parse(&tp, &ns_att_tlvdef, nsh->data, msgb_l2len(msg), 0, 0);
+ rc = tlv_parse(&tp, &ns_att_tlvdef, nsh->data,
+ msgb_l2len(msg) - sizeof(*nsh), 0, 0);
if (rc < 0) {
LOGP(DNS, LOGL_ERROR, "NSEI=%u Rx NS RESET "
"Error during TLV Parse\n", nsvc->nsei);
@@ -642,7 +644,8 @@
nsvc->state |= NSE_S_BLOCKED;
- rc = tlv_parse(&tp, &ns_att_tlvdef, nsh->data, msgb_l2len(msg), 0, 0);
+ rc = tlv_parse(&tp, &ns_att_tlvdef, nsh->data,
+ msgb_l2len(msg) - sizeof(*nsh), 0, 0);
if (rc < 0) {
LOGP(DNS, LOGL_ERROR, "NSEI=%u Rx NS BLOCK "
"Error during TLV Parse\n", nsvc->nsei);
@@ -706,11 +709,10 @@
#endif
}
rc = tlv_parse(&tp, &ns_att_tlvdef, nsh->data,
- msgb_l2len(msg), 0, 0);
- rc = tlv_parse(&tp, &ns_att_tlvdef, nsh->data, msgb_l2len(msg), 0, 0);
+ msgb_l2len(msg) - sizeof(*nsh), 0, 0);
if (rc < 0) {
- LOGP(DNS, LOGL_ERROR, "Rx NS RESET Error during "
- "TLV Parse\n");
+ LOGP(DNS, LOGL_ERROR, "Rx NS RESET Error %d during "
+ "TLV Parse\n", rc);
return rc;
}
if (!TLVP_PRESENT(&tp, NS_IE_CAUSE) ||