Project

General

Profile

Bug #2533

CTRL interface: disallow various unvalidated input

Added by neels 12 months ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
10/04/2017
Due date:
% Done:

0%

Estimated time:
Spec Reference:

Description

https://gerrit.osmocom.org/4067 uncovers some unwanted CTRL interface behavior.
See also https://lists.osmocom.org/pipermail/openbsc/2017-September/011236.html
and https://lists.osmocom.org/pipermail/openbsc/2017-October/011263.html

Enhance CTRL interface unit tests to catch undesired/unvalidated input and fix input validation.

History

#1 Updated by neels 12 months ago

  • Description updated (diff)

#2 Updated by neels about 1 month ago

  • Status changed from New to Resolved

various strictness was merged a long time ago

Author:     Neels Hofmeyr <neels@hofmeyr.de>
AuthorDate: Tue Sep 26 14:21:44 2017 +0200
Commit:     Harald Welte <laforge@gnumonks.org>
CommitDate: Wed Dec 20 15:50:24 2017 +0000

    ctrl: tighten CTRL input parsing

    Validate that incoming CTRL commands...
    - have decimal IDs,
    - return error on trailing characters,
    - have invalid characters in variable identifiers,
    - send detailed error messages as reply to the requestor.

    Adjust ctrl_test.{c,ok}, which best show the change in behavior.

    Message handling causes log messages on stderr; previously, stderr was empty.
    Add '[ignore]' in testsuite.at so that the nonempty stderr doesn't cause test
    failures.

    Change-Id: I96a9b6b6a3a5e0b80513aa9eaa727ae8c9c7d7a1

and this issue here is too vague to make any sense, really.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)