5g-team
/
srsRAN_4G
mirror of https://github.com/pvnis/srsRAN_4G.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

pdu: fortify RAR packing

Browse Source 
detected with ASAN trying to write negative number of padding bytes.

The patch checks the calculated length and returns with an error
if the length is negative.

=================================================================
==5759==AddressSanitizer: while reporting a bug found another one. Ignoring.
m==5759==ERROR: AddressSanitizer: negative-size-param: (size=-6)
master
Andre Puschmann 4 years ago
parent 63bd43fa52
commit 2ca894df01
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File

13
lib/src/mac/pdu.cc
Unescape Escape View File

@ -1068,7 +1068,18 @@ bool rar_pdu::write_packet(uint8_t* ptr)
} }
// Set padding to zeros (if any) // Set padding to zeros (if any)
bzero(ptr, (rem_len - (ptr - init_ptr)) * sizeof(uint8_t)); int32_t payload_len = ptr - init_ptr;
int32_t pad_len = rem_len - payload_len;
if (pad_len < 0) {
if (log_h) {
log_h->error("Error packing RAR PDU (payload_len=%d, rem_len=%d)\n", payload_len, rem_len);
} else {
srslte::console("Error packing RAR PDU (payload_len=%d, rem_len=%d)\n", payload_len, rem_len);
}
return false;
} else {
bzero(ptr, pad_len * sizeof(uint8_t));
}
return true; return true;
} }

Write Preview
Loading…
Cancel
Save