commit | 6eeef115a9096b954dd6d873978abbb28055d301 | |
---|---|---|
author | Neels Hofmeyr <neels@hofmeyr.de> | Wed Dec 20 23:14:45 2017 +0100 |
committer | Neels Hofmeyr <neels@hofmeyr.de> | Wed Dec 20 23:31:45 2017 +0100 |
tree | b8087e3385f1365b128004039fa0f985635b0bcb | |
parent | 66d6d760aab222c91bec5134c228ffc13f463235 | |
hnbap,rua,ranap decode: fix segfault on decode error Looking at hnbap_decode_hnbregisterrequesties(), I noticed a segfault if decoding the HNB Register Request PDU fails, which is due to an unchecked return value in code generated by asn1tostruct.py. Add return value and NULL pointer checks and hence fix null dereference on erratic PDUs across HNBAP, RUA and RANAP protocols. Similar checks exist in other places, this one was simply missing. Since the result of asn1tostruct.py is not committed, here is an example diff of the resulting change, of which there are 128 instances in total: @@ -304,7 +329,12 @@ memset(hnbRegisterRequestIEs, 0, sizeof(HNBRegisterRequestIEs_t)); HNBAP_DEBUG("Decoding message HNBRegisterRequestIEs (%s:%d)\n", __FILE__, __LINE__); - ANY_to_type_aper(any_p, &asn_DEF_HNBRegisterRequest, (void**)&hNBRegisterRequest_p); + tempDecoded = ANY_to_type_aper(any_p, &asn_DEF_HNBRegisterRequest, (void**)&hNBRegisterRequest_p); + + if (tempDecoded < 0 || hNBRegisterRequest_p == NULL) { + HNBAP_DEBUG("Decoding of message HNBRegisterRequestIEs failed\n"); + return -1; + } for (i = 0; i < hNBRegisterRequest_p->hnbRegisterRequest_ies.list.count; i++) { IE_t *ie_p; Change-Id: I6cb9cc9a88d22f03befa43f0968a874476fa079d
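Review bot: The `hNBRegisterRequest_p == NULL` test in the new `if` only protects the `for` loop below it if the pointer is initialised to NULL before ANY_to_type_aper() is called, and neither that declaration nor the one for tempDecoded is in the shown context. Please confirm that asn1tostruct.py emits both, with the pointer set to NULL, in all 128 generated instances. The failure message would also be easier to triage if it logged tempDecoded and kept the `(%s:%d)` __FILE__/__LINE__ suffix used by the HNBAP_DEBUG call just above it.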
This repository contains a C-language implementation of the 3GPP Iuh interface, together with a HNB-GW (Home NodeB Gateway). You can use it to interface Iuh-speaking femtocells/small cells to Iu-speaking MSCs and SGSNs.
It is part of the Osmocom Open Source Mobile Communications project.
The official homepage of the project is https://osmocom.org/projects/osmohnbgw/wiki
You can clone from the official libosmocore.git repository using
git clone git://git.osmocom.org/osmo-iuh.git
There is a cgit interface at http://git.osmocom.org/osmo-iuh/
There is currently no documentation beyond the wiki available on the homepage. We would love to see somebody contributing a manual that can be part of the osmo-gsm-manuals suite.
Discussions related to osmo-iuh take place on the openbsc@lists.osmocom.org mailing list. Please see https://lists.osmocom.org/mailman/listinfo/openbsc for subscription options and the list archive.
Please observe the Osmocom Mailing List Rules when posting.
Our coding standards are described at https://osmocom.org/projects/cellular-infrastructure/wiki/Coding_standards
We use a Gerrit-based patch submission/review process for managing contributions. Please see https://osmocom.org/projects/cellular-infrastructure/wiki/Gerrit for more details.
The current patch queue for osmo-iuh can be seen at https://gerrit.osmocom.org/#/q/project:osmo-iuh+status:open
It is generally best to check the wiki for the most up-to-date build instructions.
As external library dependencies, you will need
To bootstrap the build, in the root directory, run:
autoreconf --install
After that, run the usual
./configure [options]
make
[sudo] make install
Note: osmo-iuh just left very active development (December 2015, January 2016), so your mileage may vary.
If you run the 'hnbgw' executable, it will open a listening SCTP socket and wait for incoming Iuh connections. It will accept any HNB-REGISTER-REQUEST, and it will establish Iu (over SUA) connections towards the MSC and SGSN.
In order to re-generate the C source code from the ASN.1 source, you will need a modified asn1c which has the following features: