add check for possible buffer pool misallocation in RRC/NAS/GW

2018-03-06 14:46:50 +01:00 · 2018-03-06 14:46:50 +01:00 · f5e3049f63
parent 77c8bf08cf
commit f5e3049f63
3 changed files with 27 additions and 5 deletions
--- a/srsue/src/upper/gw.cc
+++ b/srsue/src/upper/gw.cc
@ -242,7 +242,11 @@ void gw::run_thread()
  struct iphdr   *ip_pkt;
  uint32          idx = 0;
  int32           N_bytes;
-  srslte::byte_buffer_t  *pdu = pool_allocate;
+  srslte::byte_buffer_t *pdu = pool_allocate;
+  if (!pdu) {
+    gw_log->error("Fatal Error: Couldn't allocate PDU in run_thread().\n");
+    return;
+  }

  const static uint32_t ATTACH_TIMEOUT_MS   = 10000;
  const static uint32_t ATTACH_MAX_ATTEMPTS = 3;
@ -307,7 +311,7 @@ void gw::run_thread()
            do {
              pdu = pool_allocate;
              if (!pdu) {
-                printf("Not enough buffers in pool\n");
+                gw_log->error("Fatal Error: Couldn't allocate PDU in run_thread().\n");
                usleep(100000);
              }
            } while(!pdu);
--- a/srsue/src/upper/nas.cc
+++ b/srsue/src/upper/nas.cc
@ -812,6 +812,11 @@ void nas::parse_emm_information(uint32_t lcid, byte_buffer_t *pdu) {
 void nas::send_attach_request() {
  LIBLTE_MME_ATTACH_REQUEST_MSG_STRUCT attach_req;
  byte_buffer_t *msg = pool_allocate;
+  if (!msg) {
+    nas_log->error("Fatal Error: Couldn't allocate PDU in send_attach_request().\n");
+    return;
+  }
+
  u_int32_t i;

  attach_req.eps_attach_type = LIBLTE_MME_EPS_ATTACH_TYPE_EPS_ATTACH;
@ -913,6 +918,10 @@ void nas::gen_pdn_connectivity_request(LIBLTE_BYTE_MSG_STRUCT *msg) {

 void nas::send_security_mode_reject(uint8_t cause) {
  byte_buffer_t *msg = pool_allocate;
+  if (!msg) {
+    nas_log->error("Fatal Error: Couldn't allocate PDU in send_security_mode_reject().\n");
+    return;
+  }

  LIBLTE_MME_SECURITY_MODE_REJECT_MSG_STRUCT sec_mode_rej;
  sec_mode_rej.emm_cause = cause;
@ -928,6 +937,10 @@ void nas::send_identity_response() {}

 void nas::send_service_request() {
  byte_buffer_t *msg = pool_allocate;
+  if (!msg) {
+    nas_log->error("Fatal Error: Couldn't allocate PDU in send_service_request().\n");
+    return;
+  }

  // Pack the service request message directly
  msg->msg[0] = (LIBLTE_MME_SECURITY_HDR_TYPE_SERVICE_REQUEST << 4) | (LIBLTE_MME_PD_EPS_MOBILITY_MANAGEMENT);
--- a/srsue/src/upper/rrc.cc
+++ b/srsue/src/upper/rrc.cc
@ -1265,9 +1265,14 @@ void rrc::handle_rrc_con_reconfig(uint32_t lcid, LIBLTE_RRC_CONNECTION_RECONFIGU
    byte_buffer_t *nas_sdu;
    for (i = 0; i < reconfig->N_ded_info_nas; i++) {
      nas_sdu = pool_allocate;
-      memcpy(nas_sdu->msg, &reconfig->ded_info_nas_list[i].msg, reconfig->ded_info_nas_list[i].N_bytes);
-      nas_sdu->N_bytes = reconfig->ded_info_nas_list[i].N_bytes;
-      nas->write_pdu(lcid, nas_sdu);
+      if (nas_sdu) {
+        memcpy(nas_sdu->msg, &reconfig->ded_info_nas_list[i].msg, reconfig->ded_info_nas_list[i].N_bytes);
+        nas_sdu->N_bytes = reconfig->ded_info_nas_list[i].N_bytes;
+        nas->write_pdu(lcid, nas_sdu);
+      } else {
+        rrc_log->error("Fatal Error: Couldn't allocate PDU in handle_rrc_con_reconfig().\n");
+        return;
+      }
    }
  }
 }