Commit c17f1ff3 authored by Haruki NAOI's avatar Haruki NAOI

fix s1ap stack overflow.

(cherry picked from commit f6b51079021347c19d528200f04d7cdba1dde0e5)
parent 750b96e1
...@@ -285,7 +285,7 @@ void s1ap_eNB_handle_sctp_association_resp(instance_t instance, sctp_new_associa ...@@ -285,7 +285,7 @@ void s1ap_eNB_handle_sctp_association_resp(instance_t instance, sctp_new_associa
struct served_gummei_s* gummeiInfo; struct served_gummei_s* gummeiInfo;
struct mme_code_s* mmeCode; struct mme_code_s* mmeCode;
int8_t cnt = 0; int8_t cnt = 0;
unsigned enb_s1ap_id[20]; unsigned enb_s1ap_id[NUMBER_OF_UE_MAX];
if (sctp_new_association_resp == NULL) { if (sctp_new_association_resp == NULL) {
S1AP_ERROR("sctp_new_association_resp == NULL\n"); S1AP_ERROR("sctp_new_association_resp == NULL\n");
...@@ -315,6 +315,7 @@ void s1ap_eNB_handle_sctp_association_resp(instance_t instance, sctp_new_associa ...@@ -315,6 +315,7 @@ void s1ap_eNB_handle_sctp_association_resp(instance_t instance, sctp_new_associa
{ {
if( ue_p->mme_ref == s1ap_mme_data_p ) if( ue_p->mme_ref == s1ap_mme_data_p )
{ {
if(cnt < NUMBER_OF_UE_MAX){
enb_s1ap_id[cnt] = ue_p->eNB_ue_s1ap_id; enb_s1ap_id[cnt] = ue_p->eNB_ue_s1ap_id;
cnt++; cnt++;
...@@ -334,6 +335,9 @@ void s1ap_eNB_handle_sctp_association_resp(instance_t instance, sctp_new_associa ...@@ -334,6 +335,9 @@ void s1ap_eNB_handle_sctp_association_resp(instance_t instance, sctp_new_associa
{ {
S1AP_ERROR("Invalid message_p : eNB_ue_s1ap_id=%u\n", ue_p->eNB_ue_s1ap_id); S1AP_ERROR("Invalid message_p : eNB_ue_s1ap_id=%u\n", ue_p->eNB_ue_s1ap_id);
} }
}else{
S1AP_ERROR("s1ap_eNB_handle_sctp_association_resp: cnt %d > max\n", cnt);
}
} }
} }
for( ; cnt > 0 ; ) for( ; cnt > 0 ; )
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment