Commit e4f59a03 authored by winckel's avatar winckel

Added asserts after ASN1 message encoding to detect buffer overflow or other encoding issues.

Increase RRC buffer size for RRCConnectionReconfiguration messages.

git-svn-id: http://svn.eurecom.fr/openair4G/trunk@4926 818b1a75-f10b-46b9-bf7c-635c3b92a50f
parent 69f07aad
...@@ -56,6 +56,7 @@ ...@@ -56,6 +56,7 @@
#include <asn_internal.h> /* for _ASN_DEFAULT_STACK_MAX */ #include <asn_internal.h> /* for _ASN_DEFAULT_STACK_MAX */
#include <per_encoder.h> #include <per_encoder.h>
#include "assertions.h"
#include "RRCConnectionRequest.h" #include "RRCConnectionRequest.h"
#include "UL-CCCH-Message.h" #include "UL-CCCH-Message.h"
#include "UL-DCCH-Message.h" #include "UL-DCCH-Message.h"
...@@ -353,6 +354,8 @@ uint8_t do_MIB(uint8_t Mod_id, LTE_DL_FRAME_PARMS *frame_parms, uint32_t frame, ...@@ -353,6 +354,8 @@ uint8_t do_MIB(uint8_t Mod_id, LTE_DL_FRAME_PARMS *frame_parms, uint32_t frame,
(void*)&mib, (void*)&mib,
buffer, buffer,
100); 100);
AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %d)!\n",
enc_rval.failed_type->name, enc_rval.encoded);
#if defined(ENABLE_ITTI) #if defined(ENABLE_ITTI)
# if !defined(DISABLE_XER_SPRINT) # if !defined(DISABLE_XER_SPRINT)
...@@ -528,6 +531,8 @@ uint8_t do_SIB1(uint8_t Mod_id, LTE_DL_FRAME_PARMS *frame_parms, uint8_t *buffer ...@@ -528,6 +531,8 @@ uint8_t do_SIB1(uint8_t Mod_id, LTE_DL_FRAME_PARMS *frame_parms, uint8_t *buffer
(void*)bcch_message, (void*)bcch_message,
buffer, buffer,
100); 100);
AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %d)!\n",
enc_rval.failed_type->name, enc_rval.encoded);
#if defined(ENABLE_ITTI) #if defined(ENABLE_ITTI)
# if !defined(DISABLE_XER_SPRINT) # if !defined(DISABLE_XER_SPRINT)
...@@ -717,6 +722,8 @@ uint8_t do_SIB2_AT4(uint8_t Mod_id, ...@@ -717,6 +722,8 @@ uint8_t do_SIB2_AT4(uint8_t Mod_id,
(void*)bcch_message, (void*)bcch_message,
buffer, buffer,
100); 100);
AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %d)!\n",
enc_rval.failed_type->name, enc_rval.encoded);
#if defined(ENABLE_ITTI) #if defined(ENABLE_ITTI)
# if !defined(DISABLE_XER_SPRINT) # if !defined(DISABLE_XER_SPRINT)
...@@ -1104,6 +1111,8 @@ uint8_t do_SIB23(uint8_t Mod_id, ...@@ -1104,6 +1111,8 @@ uint8_t do_SIB23(uint8_t Mod_id,
(void*)bcch_message, (void*)bcch_message,
buffer, buffer,
900); 900);
AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %d)!\n",
enc_rval.failed_type->name, enc_rval.encoded);
#if defined(ENABLE_ITTI) #if defined(ENABLE_ITTI)
# if !defined(DISABLE_XER_SPRINT) # if !defined(DISABLE_XER_SPRINT)
...@@ -1192,6 +1201,8 @@ uint8_t do_RRCConnectionRequest(uint8_t Mod_id, uint8_t *buffer,uint8_t *rv) { ...@@ -1192,6 +1201,8 @@ uint8_t do_RRCConnectionRequest(uint8_t Mod_id, uint8_t *buffer,uint8_t *rv) {
(void*)&ul_ccch_msg, (void*)&ul_ccch_msg,
buffer, buffer,
100); 100);
AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %d)!\n",
enc_rval.failed_type->name, enc_rval.encoded);
#if defined(ENABLE_ITTI) #if defined(ENABLE_ITTI)
# if !defined(DISABLE_XER_SPRINT) # if !defined(DISABLE_XER_SPRINT)
...@@ -1268,6 +1279,8 @@ uint8_t do_RRCConnectionSetupComplete(uint8_t Mod_id, uint8_t *buffer, const uin ...@@ -1268,6 +1279,8 @@ uint8_t do_RRCConnectionSetupComplete(uint8_t Mod_id, uint8_t *buffer, const uin
(void*)&ul_dcch_msg, (void*)&ul_dcch_msg,
buffer, buffer,
100); 100);
AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %d)!\n",
enc_rval.failed_type->name, enc_rval.encoded);
#if defined(ENABLE_ITTI) #if defined(ENABLE_ITTI)
# if !defined(DISABLE_XER_SPRINT) # if !defined(DISABLE_XER_SPRINT)
...@@ -1320,6 +1333,8 @@ uint8_t do_RRCConnectionReconfigurationComplete(uint8_t Mod_id, uint8_t *buffer, ...@@ -1320,6 +1333,8 @@ uint8_t do_RRCConnectionReconfigurationComplete(uint8_t Mod_id, uint8_t *buffer,
(void*)&ul_dcch_msg, (void*)&ul_dcch_msg,
buffer, buffer,
100); 100);
AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %d)!\n",
enc_rval.failed_type->name, enc_rval.encoded);
#if defined(ENABLE_ITTI) #if defined(ENABLE_ITTI)
# if !defined(DISABLE_XER_SPRINT) # if !defined(DISABLE_XER_SPRINT)
...@@ -1608,6 +1623,8 @@ uint8_t do_RRCConnectionSetup(uint8_t Mod_id, ...@@ -1608,6 +1623,8 @@ uint8_t do_RRCConnectionSetup(uint8_t Mod_id,
(void*)&dl_ccch_msg, (void*)&dl_ccch_msg,
buffer, buffer,
100); 100);
AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %d)!\n",
enc_rval.failed_type->name, enc_rval.encoded);
#if defined(ENABLE_ITTI) #if defined(ENABLE_ITTI)
# if !defined(DISABLE_XER_SPRINT) # if !defined(DISABLE_XER_SPRINT)
...@@ -1673,6 +1690,8 @@ uint8_t do_SecurityModeCommand(uint8_t Mod_id, ...@@ -1673,6 +1690,8 @@ uint8_t do_SecurityModeCommand(uint8_t Mod_id,
(void*)&dl_dcch_msg, (void*)&dl_dcch_msg,
buffer, buffer,
100); 100);
AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %d)!\n",
enc_rval.failed_type->name, enc_rval.encoded);
#if defined(ENABLE_ITTI) #if defined(ENABLE_ITTI)
# if !defined(DISABLE_XER_SPRINT) # if !defined(DISABLE_XER_SPRINT)
...@@ -1738,7 +1757,10 @@ uint8_t do_UECapabilityEnquiry(uint8_t Mod_id, ...@@ -1738,7 +1757,10 @@ uint8_t do_UECapabilityEnquiry(uint8_t Mod_id,
(void*)&dl_dcch_msg, (void*)&dl_dcch_msg,
buffer, buffer,
100); 100);
#if defined(ENABLE_ITTI) AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %d)!\n",
enc_rval.failed_type->name, enc_rval.encoded);
#if defined(ENABLE_ITTI)
# if !defined(DISABLE_XER_SPRINT) # if !defined(DISABLE_XER_SPRINT)
{ {
char message_string[19950]; char message_string[19950];
...@@ -1772,7 +1794,7 @@ uint8_t do_UECapabilityEnquiry(uint8_t Mod_id, ...@@ -1772,7 +1794,7 @@ uint8_t do_UECapabilityEnquiry(uint8_t Mod_id,
return((enc_rval.encoded+7)/8); return((enc_rval.encoded+7)/8);
} }
uint8_t do_RRCConnectionReconfiguration(uint8_t Mod_id, uint16_t do_RRCConnectionReconfiguration(uint8_t Mod_id,
uint8_t *buffer, uint8_t *buffer,
uint8_t UE_id, uint8_t UE_id,
uint8_t Transaction_id, uint8_t Transaction_id,
...@@ -1791,7 +1813,8 @@ uint8_t do_RRCConnectionReconfiguration(uint8_t Mod_id ...@@ -1791,7 +1813,8 @@ uint8_t do_RRCConnectionReconfiguration(uint8_t Mod_id
struct MeasConfig__speedStatePars *speedStatePars, struct MeasConfig__speedStatePars *speedStatePars,
RSRP_Range_t *rsrp, RSRP_Range_t *rsrp,
C_RNTI_t *cba_rnti, C_RNTI_t *cba_rnti,
struct RRCConnectionReconfiguration_r8_IEs__dedicatedInfoNASList *dedicatedInfoNASList struct RRCConnectionReconfiguration_r8_IEs__dedicatedInfoNASList
*dedicatedInfoNASList
) { ) {
asn_enc_rval_t enc_rval; asn_enc_rval_t enc_rval;
...@@ -1876,6 +1899,9 @@ uint8_t do_RRCConnectionReconfiguration(uint8_t Mod_id ...@@ -1876,6 +1899,9 @@ uint8_t do_RRCConnectionReconfiguration(uint8_t Mod_id
(void*)&dl_dcch_msg, (void*)&dl_dcch_msg,
buffer, buffer,
RRC_BUF_SIZE); RRC_BUF_SIZE);
AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %d)!\n",
enc_rval.failed_type->name, enc_rval.encoded);
#ifdef XER_PRINT #ifdef XER_PRINT
xer_fprint(stdout,&asn_DEF_DL_DCCH_Message,(void*)&dl_dcch_msg); xer_fprint(stdout,&asn_DEF_DL_DCCH_Message,(void*)&dl_dcch_msg);
#endif #endif
...@@ -1909,7 +1935,6 @@ uint8_t do_RRCConnectionReconfiguration(uint8_t Mod_id ...@@ -1909,7 +1935,6 @@ uint8_t do_RRCConnectionReconfiguration(uint8_t Mod_id
//#endif //#endif
return((enc_rval.encoded+7)/8); return((enc_rval.encoded+7)/8);
} }
uint8_t TMGI[5] = {4,3,2,1,0};//TMGI is a string of octet, ref. TS 24.008 fig. 10.5.4a uint8_t TMGI[5] = {4,3,2,1,0};//TMGI is a string of octet, ref. TS 24.008 fig. 10.5.4a
...@@ -2024,6 +2049,8 @@ uint8_t do_MBSFNAreaConfig(uint8_t Mod_id, ...@@ -2024,6 +2049,8 @@ uint8_t do_MBSFNAreaConfig(uint8_t Mod_id,
(void*)mcch_message, (void*)mcch_message,
buffer, buffer,
100); 100);
AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %d)!\n",
enc_rval.failed_type->name, enc_rval.encoded);
#if defined(ENABLE_ITTI) #if defined(ENABLE_ITTI)
# if !defined(DISABLE_XER_SPRINT) # if !defined(DISABLE_XER_SPRINT)
...@@ -2142,6 +2169,8 @@ uint8_t do_MeasurementReport(uint8_t Mod_id, uint8_t *buffer,int measid,int phy_ ...@@ -2142,6 +2169,8 @@ uint8_t do_MeasurementReport(uint8_t Mod_id, uint8_t *buffer,int measid,int phy_
(void*)&ul_dcch_msg, (void*)&ul_dcch_msg,
buffer, buffer,
100); 100);
AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %d)!\n",
enc_rval.failed_type->name, enc_rval.encoded);
#if defined(ENABLE_ITTI) #if defined(ENABLE_ITTI)
# if !defined(DISABLE_XER_SPRINT) # if !defined(DISABLE_XER_SPRINT)
...@@ -2338,6 +2367,8 @@ OAI_UECapability_t *fill_ue_capability() { ...@@ -2338,6 +2367,8 @@ OAI_UECapability_t *fill_ue_capability() {
(void*)UE_EUTRA_Capability, (void*)UE_EUTRA_Capability,
&UECapability.sdu[0], &UECapability.sdu[0],
MAX_UE_CAPABILITY_SIZE); MAX_UE_CAPABILITY_SIZE);
AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %d)!\n",
enc_rval.failed_type->name, enc_rval.encoded);
#if defined(ENABLE_ITTI) #if defined(ENABLE_ITTI)
# if defined(DISABLE_XER_SPRINT) # if defined(DISABLE_XER_SPRINT)
...@@ -2563,6 +2594,8 @@ uint8_t do_SIB2_cell(uint8_t Mod_id, LTE_DL_FRAME_PARMS *frame_parms, uint8_t *b ...@@ -2563,6 +2594,8 @@ uint8_t do_SIB2_cell(uint8_t Mod_id, LTE_DL_FRAME_PARMS *frame_parms, uint8_t *b
(void*)bcch_message, (void*)bcch_message,
buffer, buffer,
900); 900);
AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %d)!\n",
enc_rval.failed_type->name, enc_rval.encoded);
#if defined(ENABLE_ITTI) #if defined(ENABLE_ITTI)
# if !defined(DISABLE_XER_SPRINT) # if !defined(DISABLE_XER_SPRINT)
...@@ -3019,6 +3052,8 @@ uint8_t do_RRCConnReconf_defaultCELL(uint8_t Mod_id, ...@@ -3019,6 +3052,8 @@ uint8_t do_RRCConnReconf_defaultCELL(uint8_t Mod_id,
(void*)&dl_dcch_msg, (void*)&dl_dcch_msg,
buffer, buffer,
100); 100);
AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %d)!\n",
enc_rval.failed_type->name, enc_rval.encoded);
#ifdef XER_PRINT #ifdef XER_PRINT
xer_fprint(stdout,&asn_DEF_DL_DCCH_Message,(void*)&dl_dcch_msg); xer_fprint(stdout,&asn_DEF_DL_DCCH_Message,(void*)&dl_dcch_msg);
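Review bot: do_SIB23 and do_SIB2_cell still return `uint8_t` although they encode into 900 bytes, so any byte count above 255 is truncated on return; this commit widens only do_RRCConnectionReconfiguration to `uint16_t`. Assuming both end with `return((enc_rval.encoded+7)/8);` like the functions whose tails are visible here, a 300-byte SIB would be reported to the caller as 44 bytes. The new assert would not catch this, because it only checks `enc_rval.encoded > 0`. I would widen both return types to `uint16_t`, together with their prototypes and the callers' size variables. The bodies and callers of these functions lie outside the hunks, so the caller-side types need checking.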
......
...@@ -167,7 +167,7 @@ uint8_t do_RRCConnectionSetup(uint8_t Mod_id, ...@@ -167,7 +167,7 @@ uint8_t do_RRCConnectionSetup(uint8_t Mod_id,
@param cba_rnti RNTI for the cba transmission @param cba_rnti RNTI for the cba transmission
@returns Size of encoded bit stream in bytes*/ @returns Size of encoded bit stream in bytes*/
uint8_t do_RRCConnectionReconfiguration(uint8_t Mod_id, uint16_t do_RRCConnectionReconfiguration(uint8_t Mod_id,
uint8_t *buffer, uint8_t *buffer,
uint8_t UE_id, uint8_t UE_id,
uint8_t Transaction_id, uint8_t Transaction_id,
...@@ -186,7 +186,8 @@ uint8_t do_RRCConnectionReconfiguration(uint8_t Mod_id ...@@ -186,7 +186,8 @@ uint8_t do_RRCConnectionReconfiguration(uint8_t Mod_id
struct MeasConfig__speedStatePars *speedStatePars, struct MeasConfig__speedStatePars *speedStatePars,
RSRP_Range_t *rsrp, RSRP_Range_t *rsrp,
C_RNTI_t *cba_rnti, C_RNTI_t *cba_rnti,
struct RRCConnectionReconfiguration_r8_IEs__dedicatedInfoNASList *dedicatedInfoNASList); struct RRCConnectionReconfiguration_r8_IEs__dedicatedInfoNASList
*dedicatedInfoNASList);
/*** /***
* \brief Generate an MCCH-Message (eNB). This routine configures MBSFNAreaConfiguration (PMCH-InfoList and Subframe Allocation for MBMS data) * \brief Generate an MCCH-Message (eNB). This routine configures MBSFNAreaConfiguration (PMCH-InfoList and Subframe Allocation for MBMS data)
......
...@@ -139,7 +139,7 @@ typedef enum HO_STATE_e { ...@@ -139,7 +139,7 @@ typedef enum HO_STATE_e {
#define MAX_MEAS_ID 6 #define MAX_MEAS_ID 6
#define PAYLOAD_SIZE_MAX 1024 #define PAYLOAD_SIZE_MAX 1024
#define RRC_BUF_SIZE 140 #define RRC_BUF_SIZE 255
#define UNDEF_SECURITY_MODE 0xff #define UNDEF_SECURITY_MODE 0xff
#define NO_SECURITY_MODE 0x33 #define NO_SECURITY_MODE 0x33
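Review bot: RRC_BUF_SIZE goes from 140 to 255 with no comment saying which message bound the value covers, so the next oversize message will again be found only at run time. do_RRCConnectionReconfiguration encodes a dedicatedInfoNASList into a buffer of this size and now hits AssertFatal when the encoding does not fit. If the NAS payload length is not capped elsewhere (not visible on this page), a longer payload ends the process instead of being rejected. I would document the bound next to the define, e.g. `/* bytes; must hold the largest encoded RRCConnectionReconfiguration, including dedicatedInfoNAS */`, and derive the number from that maximum.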
......
...@@ -1180,6 +1180,8 @@ void rrc_ue_process_securityModeCommand(uint8_t Mod_id,uint32_t frame,SecurityMo ...@@ -1180,6 +1180,8 @@ void rrc_ue_process_securityModeCommand(uint8_t Mod_id,uint32_t frame,SecurityMo
(void*)&ul_dcch_msg, (void*)&ul_dcch_msg,
buffer, buffer,
100); 100);
AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %d)!\n",
enc_rval.failed_type->name, enc_rval.encoded);
#ifdef XER_PRINT #ifdef XER_PRINT
xer_fprint(stdout, &asn_DEF_UL_DCCH_Message, (void*)&ul_dcch_msg); xer_fprint(stdout, &asn_DEF_UL_DCCH_Message, (void*)&ul_dcch_msg);
...@@ -1262,6 +1264,8 @@ void rrc_ue_process_ueCapabilityEnquiry(uint8_t Mod_id,uint32_t frame,UECapabili ...@@ -1262,6 +1264,8 @@ void rrc_ue_process_ueCapabilityEnquiry(uint8_t Mod_id,uint32_t frame,UECapabili
&ue_CapabilityRAT_Container); &ue_CapabilityRAT_Container);
enc_rval = uper_encode_to_buffer(&asn_DEF_UL_DCCH_Message, (void*) &ul_dcch_msg, buffer, 100); enc_rval = uper_encode_to_buffer(&asn_DEF_UL_DCCH_Message, (void*) &ul_dcch_msg, buffer, 100);
AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %d)!\n",
enc_rval.failed_type->name, enc_rval.encoded);
#ifdef XER_PRINT #ifdef XER_PRINT
xer_fprint(stdout, &asn_DEF_UL_DCCH_Message, (void*)&ul_dcch_msg); xer_fprint(stdout, &asn_DEF_UL_DCCH_Message, (void*)&ul_dcch_msg);
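Review bot: AssertFatal in rrc_ue_process_securityModeCommand and rrc_ue_process_ueCapabilityEnquiry turns an encoding failure while answering a network message into process termination (assuming AssertFatal aborts, as its name suggests; assertions.h is not shown). In a receive path I would log and drop the response instead, e.g. `if (enc_rval.encoded <= 0) { /* log failed_type and encoded */ return; }`, so one unanswerable message does not take the UE stack down. The size passed to the encoder is the literal `100`, and the declaration of `buffer` lies outside both hunks. If it is a local array, `sizeof(buffer)` would keep the checked size and the real size in step.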
......
...@@ -599,7 +599,7 @@ static void rrc_eNB_generate_defaultRRCConnectionReconfiguration (u8 Mod_id, u32 ...@@ -599,7 +599,7 @@ static void rrc_eNB_generate_defaultRRCConnectionReconfiguration (u8 Mod_id, u32
eNB_RRC_UE_INFO *UE_info = &eNB_rrc_inst[Mod_id].Info.UE[UE_index]; eNB_RRC_UE_INFO *UE_info = &eNB_rrc_inst[Mod_id].Info.UE[UE_index];
#endif #endif
u8 buffer[RRC_BUF_SIZE]; u8 buffer[RRC_BUF_SIZE];
u8 size; u16 size;
int i; int i;
// configure SRB1/SRB2, PhysicalConfigDedicated, MAC_MainConfig for UE // configure SRB1/SRB2, PhysicalConfigDedicated, MAC_MainConfig for UE
...@@ -1096,7 +1096,6 @@ static void rrc_eNB_generate_defaultRRCConnectionReconfiguration (u8 Mod_id, u32 ...@@ -1096,7 +1096,6 @@ static void rrc_eNB_generate_defaultRRCConnectionReconfiguration (u8 Mod_id, u32
//rrc_rlc_data_req(Mod_id,frame, 1,(UE_index*NB_RB_MAX)+DCCH,rrc_eNB_mui++,0,size,(char*)buffer); //rrc_rlc_data_req(Mod_id,frame, 1,(UE_index*NB_RB_MAX)+DCCH,rrc_eNB_mui++,0,size,(char*)buffer);
pdcp_rrc_data_req (Mod_id, UE_index, frame, 1, DCCH, pdcp_rrc_data_req (Mod_id, UE_index, frame, 1, DCCH,
rrc_eNB_mui++, 0, size, buffer, 1); rrc_eNB_mui++, 0, size, buffer, 1);
} }
/*------------------------------------------------------------------------------*/ /*------------------------------------------------------------------------------*/
...@@ -1270,7 +1269,7 @@ void check_handovers(u8 Mod_id, u32 frame) { ...@@ -1270,7 +1269,7 @@ void check_handovers(u8 Mod_id, u32 frame) {
void rrc_eNB_generate_RRCConnectionReconfiguration_handover (u8 Mod_id, u32 frame,u16 UE_index,u8 *nas_pdu,u32 nas_length) { void rrc_eNB_generate_RRCConnectionReconfiguration_handover (u8 Mod_id, u32 frame,u16 UE_index,u8 *nas_pdu,u32 nas_length) {
u8 buffer[RRC_BUF_SIZE]; u8 buffer[RRC_BUF_SIZE];
u8 size; u16 size;
int i; int i;
uint8_t rv[2]; uint8_t rv[2];
u16 Idx; u16 Idx;
......