diff options
| author | Aleksander Morgado <aleksander@aleksander.es> | 2020-06-23 10:44:36 +0200 |
|---|---|---|
| committer | Aleksander Morgado <aleksander@aleksander.es> | 2020-06-23 13:41:25 +0200 |
| commit | 03bbe9042a9fae00a489564cbe979733df11b4b1 (patch) | |
| tree | 2010e3ebee1a20db8e45af37891624078b7712d5 | |
| parent | 3c5b085e7f0f7c2ac3dd6f145e64cde354883ccb (diff) | |
| download | libmbim-03bbe9042a9fae00a489564cbe979733df11b4b1.tar.gz | |
libmbim-glib,device: ignore messages with wrong MBIM message type
The Cinterion mPLS62-w may end up sending messages which are clearly
not well formatted MBIM messages, and upon receiving one of them, the
mbim-proxy would get completely stuck (e.g. attempting to read a
message of >800MB because of the reported length in the first
malformed messae).
Try to avoid this, by doing an initial filter by message type, which
at least solves the seen problem. Not a fully robust fix yet, though.
E.g. new logs:
[23 jun 2020, 10:43:49] [Debug] [/dev/cdc-wdm1] Sent message (translated)...
<<<<<< Header:
<<<<<< length = 48
<<<<<< type = command (0x00000003)
<<<<<< transaction = 20
<<<<<< Fragment header:
<<<<<< total = 1
<<<<<< current = 0
<<<<<< Contents:
<<<<<< service = 'atds' (5967bdcc-7fd2-49a2-9f5c-b2e70e527db3)
<<<<<< cid = 'location' (0x00000002)
<<<<<< type = 'query' (0x00000000)
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 293 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 200 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 168 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 311 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 311 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 311 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 335 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 277 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 312 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 314 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 312 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 280 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 312 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 312 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 326 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 260 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 244 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 326 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 326 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 326 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 306 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 334 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 324 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 356 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 356 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 191 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 201 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 356 bytes in MBIM stream as message type validation fails
[23 jun 2020, 10:43:49] -Warning ** [/dev/cdc-wdm1] discarding 356 bytes in MBIM stream as message type validation fails
(cherry picked from commit cbb3e3944452a940ba583020882d13f2e49acd27)
| -rw-r--r-- | src/libmbim-glib/mbim-device.c | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/src/libmbim-glib/mbim-device.c b/src/libmbim-glib/mbim-device.c index 4d9b1cd..42f83f2 100644 --- a/src/libmbim-glib/mbim-device.c +++ b/src/libmbim-glib/mbim-device.c @@ -679,6 +679,26 @@ process_message (MbimDevice *self, } } +static gboolean +validate_message_type (const MbimMessage *message) +{ + switch (mbim_message_get_message_type (message)) { + case MBIM_MESSAGE_TYPE_OPEN: + case MBIM_MESSAGE_TYPE_CLOSE: + case MBIM_MESSAGE_TYPE_COMMAND: + case MBIM_MESSAGE_TYPE_HOST_ERROR: + case MBIM_MESSAGE_TYPE_OPEN_DONE: + case MBIM_MESSAGE_TYPE_CLOSE_DONE: + case MBIM_MESSAGE_TYPE_COMMAND_DONE: + case MBIM_MESSAGE_TYPE_FUNCTION_ERROR: + case MBIM_MESSAGE_TYPE_INDICATE_STATUS: + return TRUE; + default: + case MBIM_MESSAGE_TYPE_INVALID: + return FALSE; + } +} + static void parse_response (MbimDevice *self) { @@ -692,9 +712,16 @@ parse_response (MbimDevice *self) message = (const MbimMessage *)self->priv->response; + /* Fully ignore data that is clearly not a MBIM message */ + if (!validate_message_type (message)) { + g_warning ("[%s] discarding %u bytes in MBIM stream as message type validation fails", + self->priv->path_display, self->priv->response->len); + g_byte_array_remove_range (self->priv->response, 0, self->priv->response->len); + return; + } + /* No full message yet */ in_length = mbim_message_get_message_length (message); - if (self->priv->response->len < in_length) return; |