SUA: Verify routing context IE of incoming CL and CO messages

When receiving user-data (connectionless / connection-oriented),
we must make sure that there either
a) no routing context IE in the message, and only one AS within the ASP, or
b) a valid routing context IE for an AS within the ASP

This important input validation has been done in M3UA for a long time,
but somehow never been implemented on the SUA side so far.

Change-Id: Icc232250513009137add3b45fecbb5d2a07c0645

1 files changed, 14 insertions, 0 deletions

diff --git a/src/sua.c b/src/sua.c
index 4a98b9a..42d43e8 100644
--- a/src/sua.c
+++ b/src/sua.c
@@ -510,10 +510,17 @@ int sua_addr_parse(struct osmo_sccp_addr *out, struct xua_msg *xua, uint16_t iei
 /* connectionless messages received from socket */
 static int sua_rx_cl(struct osmo_ss7_asp *asp, struct xua_msg *xua)
 {
+	struct xua_msg_part *rctx_ie = xua_msg_find_tag(xua, SUA_IEI_ROUTE_CTX);
 	struct osmo_sccp_instance *inst = asp->inst->sccp;
+	struct osmo_ss7_as *as;
+	int rc;
 
 	OSMO_ASSERT(xua->hdr.msg_class == SUA_MSGC_CL);
 
+	rc = xua_find_as_for_asp(&as, asp, rctx_ie);
+	if (rc)
+		return rc;
+
 	switch (xua->hdr.msg_type) {
 	case 0: /* Reserved, permitted by ETSI TS 101 592 5.2.3.2 */
 	case SUA_CL_CLDT:
@@ -531,10 +538,17 @@ static int sua_rx_cl(struct osmo_ss7_asp *asp, struct xua_msg *xua)
 /* connection-oriented messages received from socket */
 static int sua_rx_co(struct osmo_ss7_asp *asp, struct xua_msg *xua)
 {
+	struct xua_msg_part *rctx_ie = xua_msg_find_tag(xua, SUA_IEI_ROUTE_CTX);
 	struct osmo_sccp_instance *inst = asp->inst->sccp;
+	struct osmo_ss7_as *as;
+	int rc;
 
 	OSMO_ASSERT(xua->hdr.msg_class == SUA_MSGC_CO);
 
+	rc = xua_find_as_for_asp(&as, asp, rctx_ie);
+	if (rc)
+		return rc;
+
 	switch (xua->hdr.msg_type) {
 	case 0: /* Reserved, permitted by ETSI TS 101 592 5.2.3.2 */
 	case SUA_CO_CORE: