Update sdu_lenP to uint32_t in get_mac_len

Add check in lcid_crnti_lookahead to ensure subtraction to pdu_len doesn't cause an underflow

Update sdu_lenP to uint32_t in get_mac_len
Add check in lcid_crnti_lookahead to ensure subtraction to pdu_len doesn't cause an underflow
f58765d0 · Rúben Soares Silva · 22ba6b75 · f58765d0 · f58765d0
Commit f58765d0 authored Jul 11, 2024 by Rúben Soares Silva
Showing with 14 additions and 7 deletions

openair2/LAYER2/NR_MAC_COMMON/nr_mac.h openair2/LAYER2/NR_MAC_COMMON/nr_mac.h +7 -6

openair2/LAYER2/NR_MAC_gNB/gNB_scheduler_ulsch.c openair2/LAYER2/NR_MAC_gNB/gNB_scheduler_ulsch.c +7 -1

No files found.
--- a/openair2/LAYER2/NR_MAC_COMMON/nr_mac.h
+++ b/openair2/LAYER2/NR_MAC_COMMON/nr_mac.h
@@ -107,12 +107,13 @@ typedef struct {
  uint8_t R: 2;       // octet 1 [7:6]
 } __attribute__ ((__packed__)) NR_MAC_SUBHEADER_FIXED;

-static inline int get_mac_len(uint8_t* pdu, int pdu_len, uint16_t *mac_ce_len, uint16_t *mac_subheader_len) {
-  if ( pdu_len < (int)sizeof(NR_MAC_SUBHEADER_SHORT))
+static inline int get_mac_len(uint8_t *pdu, uint32_t pdu_len, uint16_t *mac_ce_len, uint16_t *mac_subheader_len)
+{
+  if (pdu_len < sizeof(NR_MAC_SUBHEADER_SHORT))
    return false;
-  NR_MAC_SUBHEADER_SHORT *s = (NR_MAC_SUBHEADER_SHORT*) pdu;
-  NR_MAC_SUBHEADER_LONG *l = (NR_MAC_SUBHEADER_LONG*) pdu;
-  if (s->F && pdu_len < (int)sizeof(NR_MAC_SUBHEADER_LONG))
+  NR_MAC_SUBHEADER_SHORT *s = (NR_MAC_SUBHEADER_SHORT *)pdu;
+  NR_MAC_SUBHEADER_LONG *l = (NR_MAC_SUBHEADER_LONG *)pdu;
+  if (s->F && pdu_len < sizeof(NR_MAC_SUBHEADER_LONG))
    return false;
  if (s->F) {
    *mac_subheader_len = sizeof(*l);
@@ -123,7 +124,7 @@ static inline int get_mac_len(uint8_t* pdu, int pdu_len, uint16_t *mac_ce_len, u
  }
  return true;
 }
-    
+
 // BSR MAC CEs
 // TS 38.321 ch. 6.1.3.1
 // Short BSR for a specific logical channel group ID

--- a/openair2/LAYER2/NR_MAC_gNB/gNB_scheduler_ulsch.c
+++ b/openair2/LAYER2/NR_MAC_gNB/gNB_scheduler_ulsch.c
@@ -55,7 +55,13 @@ static rnti_t lcid_crnti_lookahead(uint8_t *pdu, uint32_t pdu_len)
      break;
    }
    pdu += mac_len + mac_subheader_len;
-    pdu_len -= mac_len + mac_subheader_len;
+    // if pdu_len can have the value subtracted without underflow, we can subtract
+    if (pdu_len >= mac_len + mac_subheader_len) {
+      pdu_len -= mac_len + mac_subheader_len;
+    } else {
+      // if not, set to 0 to prevent underflow
+      pdu_len = 0;
+    }
  }
  return 0;
 }