add check for possible buffer pool misallocation in RRC/NAS/GW

master
Andre Puschmann 7 years ago
parent 77c8bf08cf
commit f5e3049f63

@ -242,7 +242,11 @@ void gw::run_thread()
struct iphdr *ip_pkt; struct iphdr *ip_pkt;
uint32 idx = 0; uint32 idx = 0;
int32 N_bytes; int32 N_bytes;
srslte::byte_buffer_t *pdu = pool_allocate; srslte::byte_buffer_t *pdu = pool_allocate;
if (!pdu) {
gw_log->error("Fatal Error: Couldn't allocate PDU in run_thread().\n");
return;
}
const static uint32_t ATTACH_TIMEOUT_MS = 10000; const static uint32_t ATTACH_TIMEOUT_MS = 10000;
const static uint32_t ATTACH_MAX_ATTEMPTS = 3; const static uint32_t ATTACH_MAX_ATTEMPTS = 3;
@ -307,7 +311,7 @@ void gw::run_thread()
do { do {
pdu = pool_allocate; pdu = pool_allocate;
if (!pdu) { if (!pdu) {
printf("Not enough buffers in pool\n"); gw_log->error("Fatal Error: Couldn't allocate PDU in run_thread().\n");
usleep(100000); usleep(100000);
} }
} while(!pdu); } while(!pdu);

@ -812,6 +812,11 @@ void nas::parse_emm_information(uint32_t lcid, byte_buffer_t *pdu) {
void nas::send_attach_request() { void nas::send_attach_request() {
LIBLTE_MME_ATTACH_REQUEST_MSG_STRUCT attach_req; LIBLTE_MME_ATTACH_REQUEST_MSG_STRUCT attach_req;
byte_buffer_t *msg = pool_allocate; byte_buffer_t *msg = pool_allocate;
if (!msg) {
nas_log->error("Fatal Error: Couldn't allocate PDU in send_attach_request().\n");
return;
}
u_int32_t i; u_int32_t i;
attach_req.eps_attach_type = LIBLTE_MME_EPS_ATTACH_TYPE_EPS_ATTACH; attach_req.eps_attach_type = LIBLTE_MME_EPS_ATTACH_TYPE_EPS_ATTACH;
@ -913,6 +918,10 @@ void nas::gen_pdn_connectivity_request(LIBLTE_BYTE_MSG_STRUCT *msg) {
void nas::send_security_mode_reject(uint8_t cause) { void nas::send_security_mode_reject(uint8_t cause) {
byte_buffer_t *msg = pool_allocate; byte_buffer_t *msg = pool_allocate;
if (!msg) {
nas_log->error("Fatal Error: Couldn't allocate PDU in send_security_mode_reject().\n");
return;
}
LIBLTE_MME_SECURITY_MODE_REJECT_MSG_STRUCT sec_mode_rej; LIBLTE_MME_SECURITY_MODE_REJECT_MSG_STRUCT sec_mode_rej;
sec_mode_rej.emm_cause = cause; sec_mode_rej.emm_cause = cause;
@ -928,6 +937,10 @@ void nas::send_identity_response() {}
void nas::send_service_request() { void nas::send_service_request() {
byte_buffer_t *msg = pool_allocate; byte_buffer_t *msg = pool_allocate;
if (!msg) {
nas_log->error("Fatal Error: Couldn't allocate PDU in send_service_request().\n");
return;
}
// Pack the service request message directly // Pack the service request message directly
msg->msg[0] = (LIBLTE_MME_SECURITY_HDR_TYPE_SERVICE_REQUEST << 4) | (LIBLTE_MME_PD_EPS_MOBILITY_MANAGEMENT); msg->msg[0] = (LIBLTE_MME_SECURITY_HDR_TYPE_SERVICE_REQUEST << 4) | (LIBLTE_MME_PD_EPS_MOBILITY_MANAGEMENT);

@ -1265,9 +1265,14 @@ void rrc::handle_rrc_con_reconfig(uint32_t lcid, LIBLTE_RRC_CONNECTION_RECONFIGU
byte_buffer_t *nas_sdu; byte_buffer_t *nas_sdu;
for (i = 0; i < reconfig->N_ded_info_nas; i++) { for (i = 0; i < reconfig->N_ded_info_nas; i++) {
nas_sdu = pool_allocate; nas_sdu = pool_allocate;
memcpy(nas_sdu->msg, &reconfig->ded_info_nas_list[i].msg, reconfig->ded_info_nas_list[i].N_bytes); if (nas_sdu) {
nas_sdu->N_bytes = reconfig->ded_info_nas_list[i].N_bytes; memcpy(nas_sdu->msg, &reconfig->ded_info_nas_list[i].msg, reconfig->ded_info_nas_list[i].N_bytes);
nas->write_pdu(lcid, nas_sdu); nas_sdu->N_bytes = reconfig->ded_info_nas_list[i].N_bytes;
nas->write_pdu(lcid, nas_sdu);
} else {
rrc_log->error("Fatal Error: Couldn't allocate PDU in handle_rrc_con_reconfig().\n");
return;
}
} }
} }
} }

Loading…
Cancel
Save