| Commit message | Author | Age | Files | Lines |
Change-Id: Ic6d7d68e9a559a6fb5bd6eaf6eccceae51e7ed39
After reading data from the socket, assigned to a given VTY, we
need to '\0'-terminate the received string. Otherwise, further
access to that string, stored in a heap buffer vty->buf, would
lead to a heap overrun.
== How to reproduce?
$ python -c "print 'A' * 512" | telnet $HOST $PORT
==21264==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6190000211e0 at pc 0x000000435d2f
bp 0x7ffc06c7add0 sp 0x7ffc06c7a578
READ of size 1025 at 0x6190000211e0 thread T0
#0 0x435d2e in __interceptor_strlen (/usr/local/bin/osmo-msc+0x435d2e)
#1 0x7fb95bfa5624 in talloc_strdup (/usr/lib/x86_64-linux-gnu/libtalloc.so.2+0x6624)
#2 0x7fb95c1be2bc in vty_hist_add /opt/osmocom/libosmocore/src/vty/vty.c:578
#3 0x7fb95c1be2bc in vty_execute /opt/osmocom/libosmocore/src/vty/vty.c:703
#4 0x7fb95c1be2bc in vty_read /opt/osmocom/libosmocore/src/vty/vty.c:1425
#5 0x7fb95c1bfd78 in client_data /opt/osmocom/libosmocore/src/vty/telnet_interface.c:157
#6 0x7fb95b90bd33 in osmo_fd_disp_fds /opt/osmocom/libosmocore/src/select.c:223
#7 0x7fb95b90bd33 in osmo_select_main /opt/osmocom/libosmocore/src/select.c:263
#8 0x5006cc in main /opt/osmocom/osmo-msc/src/osmo-msc/msc_main.c:723:3
#9 0x7fb959935f44 in __libc_start_main /build/eglibc-xkFqqE/eglibc-2.19/csu/libc-start.c:287
#10 0x4226fb in _start (/usr/local/bin/osmo-msc+0x4226fb)
== Why exactly 512?
Because the initial size of the heap buffer is 512 (see VTY_BUFSIZ).
Later on it can be realloc()ated, so X > 512 should also work.
Found using AddressSanitizer and Radamsa [1] fuzzer.
[1] https://gitlab.com/akihe/radamsa
Change-Id: I82f774ad18d0e555eb8f3590a519946d9c583c78
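As an added illustration of the mitigation this message describes (this is not libosmocore's vty.c, whose code is not shown here), the following C program reads into a hypothetical growable heap buffer the way a fixed VTY reader should: it reserves one byte for the terminator before every read() and writes the '\0' after, so a later strlen() or talloc_strdup() stops inside the buffer. A pipe stands in for the telnet socket, and the 'A' * 512 payload from the reproduction is constructed in-process. The struct name rx_buf, RX_BUFSIZ and the function names are assumptions for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical stand-in for the VTY's growable receive buffer (not the
 * real struct vty). 'buf' is heap-allocated, 'size' is its capacity,
 * 'len' counts payload bytes excluding the terminator. */
struct rx_buf {
	char *buf;
	size_t size;
	size_t len;
};

#define RX_BUFSIZ 512 /* same initial size the message gives for VTY_BUFSIZ */

static int rx_buf_init(struct rx_buf *rb)
{
	rb->buf = malloc(RX_BUFSIZ);
	if (!rb->buf)
		return -ENOMEM;
	rb->size = RX_BUFSIZ;
	rb->len = 0;
	rb->buf[0] = '\0';
	return 0;
}

/* Append whatever is readable on fd, always leaving the payload
 * '\0'-terminated. The capacity check keeps one byte free for the
 * terminator even after a realloc() growth step. Returns bytes
 * appended, 0 on EOF, negative errno on failure. */
static ssize_t rx_buf_read(struct rx_buf *rb, int fd)
{
	if (rb->len + 1 >= rb->size) {
		size_t nsize = rb->size * 2;
		char *nbuf = realloc(rb->buf, nsize);
		if (!nbuf)
			return -ENOMEM;
		rb->buf = nbuf;
		rb->size = nsize;
	}
	ssize_t rc = read(fd, rb->buf + rb->len, rb->size - rb->len - 1);
	if (rc < 0)
		return -errno;
	rb->len += (size_t)rc;
	rb->buf[rb->len] = '\0';   /* the terminator the original code was missing */
	return rc;
}

/* Push n bytes of 'A' through a pipe (constructed input mirroring the
 * "print 'A' * 512" reproduction, minus the network) and read them back.
 * Returns strlen() of the result, which must equal n and must stop
 * inside the buffer; (size_t)-1 on setup failure. */
static size_t roundtrip_as(size_t n)
{
	int fds[2];
	struct rx_buf rb;
	size_t out = (size_t)-1;

	if (pipe(fds) < 0)
		return out;
	if (rx_buf_init(&rb) < 0) {
		close(fds[0]);
		close(fds[1]);
		return out;
	}
	char *payload = malloc(n ? n : 1);
	if (payload) {
		memset(payload, 'A', n);
		if (write(fds[1], payload, n) == (ssize_t)n) {
			close(fds[1]);            /* EOF for the reader side */
			fds[1] = -1;
			while (rx_buf_read(&rb, fds[0]) > 0)
				;
			out = strlen(rb.buf);     /* bounded by our terminator */
		}
		free(payload);
	}
	if (fds[1] >= 0)
		close(fds[1]);
	free(rb.buf);
	close(fds[0]);
	return out;
}

int main(void)
{
	printf("512 'A's -> strlen %zu\n", roundtrip_as(512));
	printf("1500 'A's -> strlen %zu\n", roundtrip_as(1500));
	return 0;
}
```

With 512 bytes the first read() stops at 511, the buffer is doubled once, and the last byte lands with the terminator still inside the allocation; the same holds for any larger payload, which is the X > 512 case the message mentions.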
Unfortunately, osmo_sock_get_name_buf() fails in telnet_close_client():
DLGLOBAL INFO telnet_interface.c:130 Closing telnet connection <error-in-getsockname>
because getsockname(), getpeername(), and even close() fail with:
"Bad file descriptor".
This looks like a bug of the existing code.
Change-Id: I77b31abfa159d2f269deaa5a08d94b7bbba7d23c
After recent system upgrade, gcc 9.1.0, I started getting gsm0808_test
failing locally:
Assert failed memcmp(&enc_ct, &dec_ct, sizeof(enc_ct)) == 0 libosmocore/tests/gsm0808/gsm0808_test.c:992
During investigation with gdb, fields of both structures seem to contain
same values. However, closer lookup gives some hints on why it fails:
(gdb) print memcmp(&enc_ct, &dec_ct, sizeof(enc_ct))
$1 = 85
(gdb) print memcmp(&enc_ct, &dec_ct, 12)
$14 = 85
(gdb) print ((uint8_t*)&enc_ct)[11]
$15 = 85 'U'
(gdb) print ((uint8_t*)&dec_ct)[11]
$16 = 0 '\000'
So the 12th byte in struct gsm0808_channel_type is basically an
alignment padding byte added by the compiler (to align perm_spch_len to
4-byte alignment). Since both compared structs are initialized without
memset(0) but using the compiler's designated initializers, it seems the compiler
decided it's no longer needed to zero the padding byte, making memcmp fail in
this case.
In order to avoid the failure, let's properly check every field instead
of using memcmp here.
Change-Id: I17fe7a0a5dc650f050bba1f47d071be749550729
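The failure mode above, reproduced deterministically as an added example (this is not the gsm0808_test.c code and not the real struct gsm0808_channel_type; struct padded and the helper names are assumptions): a struct with interior padding is filled with a known byte pattern and then has its fields assigned one by one, which leaves the pattern in the padding exactly as an initializer that skips zeroing padding would. memcmp() then reports a difference that no field has, while a field-by-field comparison, the fix this commit applies, agrees.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a struct with interior padding (not the
 * real gsm0808_channel_type): a 1-byte member followed by a 4-byte
 * aligned member leaves padding whose contents C leaves unspecified. */
struct padded {
	uint8_t tag;
	/* compiler-inserted padding typically lives here */
	uint32_t len;
	uint8_t data[4];
};

/* Bytes in the struct that belong to no field at all. */
static size_t padding_bytes(void)
{
	return sizeof(struct padded) - (sizeof(uint8_t) + sizeof(uint32_t) + 4);
}

/* Comparison the way the failing test did it: raw bytes, padding included. */
static bool equal_memcmp(const struct padded *a, const struct padded *b)
{
	return memcmp(a, b, sizeof(*a)) == 0;
}

/* Comparison the way the fix does it: every field, never the padding. */
static bool equal_fields(const struct padded *a, const struct padded *b)
{
	return a->tag == b->tag &&
	       a->len == b->len &&
	       memcmp(a->data, b->data, sizeof(a->data)) == 0;
}

/* Fill the struct's storage with 'pattern', then assign the fields.
 * Assignments never touch padding, so the pattern survives there. */
static void fill(struct padded *p, uint8_t pattern, uint8_t tag, uint32_t len)
{
	memset(p, pattern, sizeof(*p));
	p->tag = tag;
	p->len = len;
	memcpy(p->data, "abcd", sizeof(p->data));
}

/* Two structs with identical fields but different padding contents;
 * 0x55 is the 'U' the gdb session above found in the 12th byte. */
static void make_pair(struct padded *enc, struct padded *dec)
{
	fill(enc, 0x55, 1, 4);
	fill(dec, 0x00, 1, 4);
}

/* True when the field comparison reports equality for the pair. */
static bool fields_equal_demo(void)
{
	struct padded enc, dec;
	make_pair(&enc, &dec);
	return equal_fields(&enc, &dec);
}

/* True when memcmp() disagrees with the field comparison, i.e. when
 * padding alone makes the byte-wise check fail. */
static bool padding_confuses_memcmp(void)
{
	struct padded enc, dec;
	make_pair(&enc, &dec);
	return equal_fields(&enc, &dec) && !equal_memcmp(&enc, &dec);
}

int main(void)
{
	printf("sizeof(struct padded)=%zu, padding bytes=%zu\n",
	       sizeof(struct padded), padding_bytes());
	printf("fields equal: %d, memcmp misled by padding: %d\n",
	       fields_equal_demo(), padding_confuses_memcmp());
	return 0;
}
```

On the usual 64-bit ABIs the struct carries three padding bytes and memcmp() returns non-zero for the pair; on a build that packs the struct there is no padding and both comparisons agree, which is why the field-wise check is the portable one.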
Change-Id: I33837f0fac1afe83596fa600916abc05ecb8c356
Unconditional initialization follows the structure definition,
so there is no need to do it twice. This prevents the compiler
from warning about potential errors.
Change-Id: If9fd2826f132dfa203dda62940d93dbdfcfd92ac
Change-Id: I1564f4714a33d36792e4982deb8f19d1b740dc0c
Change-Id: I5eb17edadf89ac47b4ca86c9e822037f7c0e518e
Change-Id: Ib444383d2074ddb89b3fe5bbf198bcbfabd7057f
ubsan will report undefined behavior due to the SUN_LEN macro's interaction with a null pointer,
so let's tell ubsan to ignore this function. After carefully reviewing the final publicly
available drafts of the C99, C11 and C18 standards I can confirm that dereferencing null pointers
is still undefined behavior, as such ubsan will always warn with absolutely every existing compiler
version. Since the sanitizers are periodically synced between llvm and gcc I'm also fairly confident
that rebuilding everything with compiler_rt to use the integrated sanitizers would result in the same message.
I sincerely hope that this explanation proves to be sufficient; if not I'd be willing to show up at
the next llvm dev meeting to provide quotes from actual sanitizer developers to back up these claims.
Change-Id: I0ff445072f1b46390c9f70b21d61c789e39358d5
Change-Id: Id38272ff93fae6d2fdf39df4ffc74856d6c9a898
Change-Id: Ie18c291d0cfe3b246d09ac6cfd9591951a2984c8
Change-Id: I34e465dead179487f7d4508e0e6ecf0e838c6eb7
Closes: CID#177910
Change-Id: I7a544d2d43b83135def296674f777e48fe5fd80a
Closes: CID#190866
Change-Id: I0888fbad0f9094ec1b31e2cceecfc9cd372399bd
Closes: CID#202057
Change-Id: I1e2c62cb9047648907c91b99f764f6caba8f4493
Rather than having the encoder/decoder library print some log
messages in case of encoding/decoding errors, let's provide something
akin to 'errno', but with a string instead of a numeric error code.
The 'osmo_cbsp_errstr' global variable (if set) contains a
human-readable string describing the most recent encoding/decoding error.
It exists separately for each thread and hence can be used safely in
multi-threaded environments.
Change-Id: Id9a5a595a76ba278647aee9470ded213d8464103
This introduces definitions as well as a parser+encoder for the
Cell Broadcast Service Protocol (CBSP) as specified in 3GPP TS 48.049.
CBSP is used on the interface between CBC and BSC.
Related: OS#3537
Change-Id: I5b7ae08f67e415967b60ac4b824db9e22ca00935
Change-Id: I9d6f6b66c99c43107d1ad3e80af332e967bb19e8
Change-Id: I57a330e16cc2910597672e1b27cf971499cea5bc
Change-Id: I56cce5cda0621f5e9f1c28aaad4646e9e267d17d
Related: OS#3047
Change-Id: Ic147678e7906a8b9ad7fac8367602b656f4172e6
The link quality, defined by C/I (Carrier-to-Interference) ratio,
can be computed from the training sequence of each burst, where we
can compare the "ideal" training sequence with the actual training
sequence and then express that in cB (centiBels, dB * 10).
By analogy with both RSSI and ToA, it can be used to filter out
false-positive detections and ghost Access Bursts.
Change-Id: Ie2a66ebd040b61d6daf49e04bf8a84d3d64764ee
This reverts commit 4e284b637943980a405a8c44f2712b749ded428f.
Unfortunately, some projects such as OsmoMSC, OsmoBTS and OpenBSC
do contain OSMO_ASSERT statements without a semicolon. Thus,
this change causes compilation errors when building them.
Please note that only the OSMO_ASSERT's definition is reverted,
while changes to other files (adding missing semicolons) are kept.
Change-Id: I6da4d7397d993f6c1af658cb5ae1e49c92a1b350
When using `OSMO_ASSERT(exp);` clang will warn about
an empty expression because the semicolon was superfluous.
Use do {} while (0) to enforce the need for a semicolon.
This might break other tests.
Change-Id: I2272d29a81496164bebd1696a694383a28a86434
Do not remove the entire doc/vty/ dir during the doxygen generation,
because it contains versioned files.
Fixes: 2fe50ac9511469a587426b80501b2b5da770e3a0 ("doxygen: enable cross referencing everywhere")
Related: OS#3986
Change-Id: I884398c5e834ae2fac0af8c9b52d65bb3ceacb2d
Ignore files created during the two-pass doxygen generation that was
introduced in Ib03d0b70d536c8f1386def666c89106a840f7363.
Change-Id: I719bbc968420c462426d2c0ce703c7f3b2c1139e
Change-Id: I7df6858bb98abffc1d5bf420f991ae5854b24638
The timeout is calculated dynamically in t200_by_lchan() based on the FN
advance value estimated by bts_get_avg_fn_advance(), so it's informative
to have the final value printed out.
Change-Id: Ib50a9c23de881c66c9218833703cc41101e06bfd
Change-Id: Ifb3115c7488fbcf082cc9b92abc25cf7c46064e0
The function allocates x bytes, not bits, for the vector.
Change-Id: I60fbe9fe9acd11c5d3232207f1bb677e8a98625f
Change-Id: I52b9f6b5f3e96d85a390ba2af21d7814df8aaeec
This reverts commit b3f94eb39e19366c3458643ee329a73155d46ff8, that
unfortunately breaks some projects which call osmo_fsm_register()
on DSO load (i.e. using __attribute__((constructor))) before the
logging is initialized.
Change-Id: Idc6fcce7e946c23d48589b920e309d60aa7b6645
As suggested by Vadim while reviewing a related fix for ipa_keepalive.c
in libosmo-abis (see https://gerrit.osmocom.org/#/c/libosmo-abis/+/13540/),
it makes sense to print an error message if anyone registers a FSM
that specifies an allstate_action callback but at the same time no
events that would ever end up in that callback.
Change-Id: I9e73f7363ab15a00843e3f0d1e5776f4be7ebc46
incomplete to vty func
For instance, take command "single0 [one]":
If user executes "single0 on", VTY func will receive argv[0]="one"
instead of argv[0]="on".
Related: OS#4045
Change-Id: I5f4e2d16c62a2d22717989c6acc77450957168cb
vty func
For instance, take command "multi0 (one|two|three)":
If user executes "multi0 tw", VTY func will receive argv[0]="two"
instead of argv[0]="tw".
Fixes: OS#4045
Change-Id: I91b6621ac3d87fda5412a9b415e7bfb4736c8a9a
The test shows that in the case where "single0 on" is executed, the VTY
function should return the complete "single0 one" but it doesn't.
Related: OS#4045
Change-Id: Ib5b9dc07e2b280dc95011b3926afb1d490cadd81
This block will become bigger in forthcoming commits.
Change-Id: Ibc1494014b1e77ce10950f7268a44d2d2091a6f2
Check against MAX argc is changed to == since it cannot be incremented
twice without passing the check.
Change-Id: Ia330e475989fda863bedcc3cbf94deaf8dd83037
It was noticed that multithreaded processes like osmo-trx can crash upon
using ctime().
Related: OS#4055
Change-Id: I19ebf29a2f1fc855bb7d56766b338c7c3432dfd1
Change-Id: I697af428a2ea9a0ccd3f04ba8ec4664935ae29f8
Related: OS#4055
Change-Id: Ief155a76169426a677256e09d3e91751c4e2529f
The DEBUG macro name and ARRAY_SIZE macro function are frequently
used in other projects. If these projects also use libosmocore,
the macros will be redefined. This also generates a warning message
during compilation.
Not redefining the macros removes the warning message and a possible
(but unlikely) mis-redefinition.
Change-Id: I0ba91eae8eacc5542d1647601b372e417ed1713c
Fixes the following error warnings when cross-compiling using:
./configure --enable-static --prefix=/usr/local/arm-none-eabi --host=arm-none-eabi --enable-embedded --disable-doxygen --disable-shared --disable-pseudotalloc --enable-external-tests CFLAGS="-Os -ffunction-sections -fdata-sections -nostartfiles -nodefaultlibs -Werror -Wno-error=deprecated -Wno-error=deprecated-declarations -Wno-error=cpp -mthumb -Os -mlong-calls -g3 -mcpu=cortex-m4 -mfloat-abi=softfp -mfpu=fpv4-sp-d16 -Wno-error=format"
utils.c:1002:18: error: array subscript has type 'char' [-Werror=char-subscripts]
1002 | if (!isdigit(in[i]))
gsm23003.c:414:34: error: array subscript has type 'char' [-Werror=char-subscripts]
414 | if (!mnc_str || !isdigit(mnc_str[0]) || strlen(mnc_str) > 3)
Change-Id: Ia13fd5ee79fc6dc3291c0b99958ab3c01afee17d
Huge conditional block inside for loop is negated in this patch
together with a "continue" keyword, similar to what was already done
recently in 4742526645d6137dd90ef369f0415afdb91736dc.
Change-Id: I803c4ed38e9ab09bf929528c75a60e6f65da3928
Makes code easier to follow because enum values no longer look like
variables.
Change-Id: Ib6e9592c5962d047869a280c10f9b557fae6f435
Change-Id: I6b486b52a3733d5fd5e8ba18acbc9374e2e8bd7e
Change-Id: I085da06f31a0a6862ae2ba041fafc134cc240f7e
The inner-block variable "enum match_type ret" was masking the
outer-block variable "int ret = 0". The ret variable was being given
non-zero values only inside the inner block, so that change was done on
the inner variable and not the outer one, which is returned.
Fixes: 5314c513f23688462d7f7937e5ae5e0d5cd4548e
Change-Id: Iec87d7db49a096d07e38ff8a060b923a52bfd6ba
Huge conditional block inside for loop is negated in this patch
together with a "continue" keyword.
Change-Id: I9715734ed276f002fdc8c3b9742531ad36b2ef9e