Refactor / clean up TRX CTRL / DATA interfaces implementation
Some parts of Transceiver::driveControl() have already been cleaned up,
but other parts still require refactoring, for example:
    int maxDelay;
    sscanf(params, "%d", &maxDelay);
    mMaxExpectedDelayAB = maxDelay; // 1 GSM symbol is approx. 1 km
    sprintf(response,"RSP SETMAXDLY 0 %d",maxDelay);
Here the sscanf may fail, which would result in an uninitialized stack-memory access.
This is related to the following commands: SETMAXDLY, SETMAXDLYNB, SETRXGAIN,
SETPOWER, ADJPOWER, RXTUNE, TXTUNE, SETTSC, SETSLOT, _SETBURSTTODISKMASK.
Both the RXTUNE and TXTUNE commands use an integer to parse the
frequency value. What if a negative number arrives?
Also, have a look at the Transceiver::driveTxPriorityQueue():
    // ...
    int timeSlot = (int) buffer;
    // ...
    GSM::Time currTime = GSM::Time(frameNum,timeSlot);
    // ...
There is no range check.
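One way to close both gaps described above (the unchecked sscanf() in the control commands and the unchecked timeslot), shown as an added example and not osmo-trx code. The names parseIntParam, handleSetMaxDly and validTimeSlot, the 0..63 bound, and the non-zero status in the rejection response are assumptions made for illustration.

```cpp
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <cstring>

// Hypothetical helper (not osmo-trx code): parse one decimal integer and
// accept it only inside [min, max]. *out is left untouched on failure.
static bool parseIntParam(const char *params, long min, long max, long *out)
{
    if (params == nullptr)
        return false;
    char *end = nullptr;
    errno = 0;
    long val = std::strtol(params, &end, 10);
    if (end == params || errno == ERANGE)  // no digits, or overflow
        return false;
    while (*end == ' ')
        end++;
    if (*end != '\0')                      // trailing garbage such as "12x"
        return false;
    if (val < min || val > max)            // also rejects negative values
        return false;
    *out = val;
    return true;
}

// Hypothetical SETMAXDLY handler. Assumptions: 0..63 as the accepted range,
// and a non-zero status field in the RSP line to signal rejection.
static int handleSetMaxDly(const char *params, int *maxExpectedDelay,
                           char *response, size_t len)
{
    long maxDelay;
    if (!parseIntParam(params, 0, 63, &maxDelay)) {
        std::snprintf(response, len, "RSP SETMAXDLY 1");
        return -1;                         // state is not modified
    }
    *maxExpectedDelay = (int)maxDelay;
    std::snprintf(response, len, "RSP SETMAXDLY 0 %ld", maxDelay);
    return 0;
}

// A GSM TDMA frame has 8 timeslots, so only 0..7 may reach GSM::Time.
static bool validTimeSlot(int timeSlot)
{
    return timeSlot >= 0 && timeSlot <= 7;
}
```

The same helper applies to the other listed commands with their own bounds; for RXTUNE and TXTUNE a minimum of 0 rejects negative frequency values before they are used.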
Feel free to use the TRX Toolkit to fuzz the TRX interface: