- Fixed missing initialization issues in nas that caused several jumps in liblte_mme to use uninitialized memory.

- Fixed missing initialization in spgw that caused recvfrom to use an unitialized argument.
2020-09-18 14:02:51 +02:00 · 2020-09-18 14:02:51 +02:00 · f604506858
parent 8d1705d6c6
commit f604506858
4 changed files with 8 additions and 5 deletions
--- a/lib/include/srslte/asn1/gtpc.h
+++ b/lib/include/srslte/asn1/gtpc.h
@ -88,6 +88,8 @@ typedef union gtpc_msg_choice {
 typedef struct gtpc_pdu {
  struct gtpc_header    header;
  union gtpc_msg_choice choice;
+  size_t                union_field_size;
+  size_t                get_length() const { return sizeof(gtpc_header) + union_field_size; }
 } gtpc_pdu_t;
 } // namespace srslte
 #endif // SRSLTE_GTPC_H
--- a/srsepc/src/mme/mme_gtpc.cc
+++ b/srsepc/src/mme/mme_gtpc.cc
@ -146,6 +146,7 @@ bool mme_gtpc::send_create_session_request(uint64_t imsi)
  bzero(&cs_req_pdu, sizeof(struct srslte::gtpc_pdu));

  // Setup GTP-C Header. TODO: Length, sequence and other fields need to be added.
+  cs_req_pdu.union_field_size    = sizeof(srslte::gtpc_create_session_request);
  cs_req_pdu.header.piggyback    = false;
  cs_req_pdu.header.teid_present = true;
  cs_req_pdu.header.teid         = 0; // Send create session request to the butler TEID
--- a/srsepc/src/mme/nas.cc
+++ b/srsepc/src/mme/nas.cc
@ -77,10 +77,10 @@ bool nas::handle_attach_request(uint32_t                enb_ue_s1ap_id,
                                const nas_if_t&         itf,
                                srslte::log*            nas_log)
 {
-  uint32_t                                       m_tmsi = 0;
-  uint64_t                                       imsi   = 0;
-  LIBLTE_MME_ATTACH_REQUEST_MSG_STRUCT           attach_req;
-  LIBLTE_MME_PDN_CONNECTIVITY_REQUEST_MSG_STRUCT pdn_con_req;
+  uint32_t                                       m_tmsi      = 0;
+  uint64_t                                       imsi        = 0;
+  LIBLTE_MME_ATTACH_REQUEST_MSG_STRUCT           attach_req  = {};
+  LIBLTE_MME_PDN_CONNECTIVITY_REQUEST_MSG_STRUCT pdn_con_req = {};

  // Interfaces
  s1ap_interface_nas* s1ap = itf.s1ap;
--- a/srsepc/src/spgw/spgw.cc
+++ b/srsepc/src/spgw/spgw.cc
@ -117,7 +117,7 @@ void spgw::run_thread()

  struct sockaddr_in src_addr_in;
  struct sockaddr_un src_addr_un;
-  socklen_t          addrlen;
+  socklen_t          addrlen = sizeof(src_addr_in);
  struct iphdr*      ip_pkt;

  int sgi = m_gtpu->get_sgi();