mgcp-cli: Validate osmux cid value during mgcp_msg_gen
Change-Id: I5c4d39b346b94de933f86200902c6c0ea2e1d5df
diff --git a/src/libosmo-mgcp-client/mgcp_client.c b/src/libosmo-mgcp-client/mgcp_client.c
index 7074328..f2204e1 100644
--- a/src/libosmo-mgcp-client/mgcp_client.c
+++ b/src/libosmo-mgcp-client/mgcp_client.c
@@ -36,6 +36,10 @@
#include <unistd.h>
#include <string.h>
+#ifndef OSMUX_CID_MAX
+#define OSMUX_CID_MAX 255 /* FIXME: use OSMUX_CID_MAX from libosmo-netif? */
+#endif
+
/* Codec descripton for dynamic payload types (SDP) */
const struct value_string osmo_mgcpc_codec_names[] = {
{ CODEC_PCMU_8000_1, "PCMU/8000/1" },
@@ -414,9 +418,6 @@
return -2;
}
-#ifndef OSMUX_CID_MAX
-#define OSMUX_CID_MAX 255 /* FIXME: use OSMUX_CID_MAX from libosmo-netif? */
-#endif
if (osmux_cid > OSMUX_CID_MAX) { /* OSMUX_CID_MAX from libosmo-netif */
LOGP(DLMGCP, LOGL_ERROR, "Osmux ID too large: %u > %u\n",
osmux_cid, OSMUX_CID_MAX);
@@ -1260,6 +1261,13 @@
/* Add X-Osmo-Osmux */
if ((mgcp_msg->presence & MGCP_MSG_PRESENCE_X_OSMO_OSMUX_CID)) {
+ if (mgcp_msg->x_osmo_osmux_cid < -1 || mgcp_msg->x_osmo_osmux_cid > OSMUX_CID_MAX) {
+ LOGP(DLMGCP, LOGL_ERROR,
+ "Wrong Osmux CID %d, can not generate MGCP message\n",
+ mgcp_msg->x_osmo_osmux_cid);
+ msgb_free(msg);
+ return NULL;
+ }
snprintf(buf, sizeof(buf), " %d", mgcp_msg->x_osmo_osmux_cid);
rc +=
msgb_printf(msg, MGCP_X_OSMO_OSMUX_HEADER "%s\r\n",