From: Holger Hans Peter Freyther
Date: Sun, 15 Jan 2012 09:49:43 +0000 (+0100)
Subject: gsm: Implement the size checking of the hello packet
X-Git-Url: http://git.eversberg.eu/gitweb.cgi?p=lcr.git;a=commitdiff_plain;h=b461b170fa3c19c5d7c3f689884a510559cb7940;hp=5c43a8807b50b1e2a4aa02714e99000981e6d0aa
gsm: Implement the size checking of the hello packet
---
diff --git a/gsm.cpp b/gsm.cpp
index 5fbbd49..5d4b64d 100644
--- a/gsm.cpp
+++ b/gsm.cpp
@@ -1351,6 +1351,34 @@ static int mncc_fd_read(struct lcr_fd *lfd, void *inst, int idx)
 mncc_fd_close(lcr_gsm, lfd);
 return 0;
 }
+ if (hello->mncc_size != sizeof(struct gsm_mncc)) {
+ PERROR("MNCC gsm_mncc size differs: %u %u\n",
+ hello->mncc_size, sizeof(struct gsm_mncc));
+ mncc_fd_close(lcr_gsm, lfd);
+ return 0;
+ }
+ if (hello->data_frame_size != sizeof(struct gsm_data_frame)) {
+ PERROR("MNCC gsm_mncc size differs: %u %u\n",
+ hello->data_frame_size, sizeof(struct gsm_data_frame));
+ mncc_fd_close(lcr_gsm, lfd);
+ return 0;
+ }
+
+#define CHECK_OFFSET(hello, field, lcr_gsm, lfd) \
+ if (hello->field ##_offset != __builtin_offsetof(struct gsm_mncc, field)) { \
+ PERROR("MNCC gsm_mncc offset of %s is %u %u\n", \
+ #field, hello->field ##_offset, \
+ __builtin_offsetof(struct gsm_mncc, field)); \
+ mncc_fd_close(lcr_gsm, lfd); \
+ return 0; \
+ }
+
+ CHECK_OFFSET(hello, called, lcr_gsm, lfd);
+ CHECK_OFFSET(hello, signal, lcr_gsm, lfd);
+ CHECK_OFFSET(hello, emergency, lcr_gsm, lfd);
+ CHECK_OFFSET(hello, lchan_type, lcr_gsm, lfd);
+#undef CHECK_OFFSET
+
 break;
 }
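Review bot: The three new PERROR calls pass `sizeof(...)` and `__builtin_offsetof(...)`, both `size_t`, to `%u`, which is undefined where `size_t` is wider than `unsigned int` and can print a wrong value exactly when a layout mismatch needs diagnosing; cast the argument, e.g. `(unsigned int)sizeof(struct gsm_mncc)`, in all three places (this assumes PERROR forwards to a printf-style formatter, which the hunk does not show). The second check also logs "MNCC gsm_mncc size differs" although it compares `data_frame_size` with `struct gsm_data_frame`, so its format string should read `"MNCC gsm_data_frame size differs: %u %u\n"`. `CHECK_OFFSET` expands to a bare `if` block; wrapping the body in `do { ... } while (0)` keeps the trailing `;` at each use from becoming a stray empty statement. The start of `mncc_fd_read` is outside the hunk, so it is not visible whether the received length is compared with `sizeof(*hello)` before these fields are read; if it is not, that check belongs ahead of them, because the hello message is supplied by the socket peer.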