authorJacob Erlbeck <jerlbeck@sysmocom.de>2015-01-12 13:54:39 +0100
committerHolger Hans Peter Freyther <holger@moiji-mobile.com>2015-01-18 13:17:09 +0100
commit1610626fe9e65693c6d8743129b10ed4958ec6ea (patch)
treece22b1cfe754c5f5735defac810decc46c7b7cba
parenta2315eebf972412e122033ac036dd21bcdad5335 (diff)
gprs: Clear GSUP message structures before decoding
Currently the message structure is not cleared before the message is parsed, which can leak information between messages if the same gprs_gsup_message object is reused. In particular, list elements (auth tuples and pdp info) are not replaced by an IE; instead, the IE is appended. This patch uses the assignment operator to clear gprs_gsup_message, gsm_auth_tuple, and gprs_gsup_pdp_info before using them. This also replaces the use of memcpy for the latter two. Sponsored-by: On-Waves ehf
-rw-r--r--openbsc/src/gprs/gprs_gsup_messages.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/openbsc/src/gprs/gprs_gsup_messages.c b/openbsc/src/gprs/gprs_gsup_messages.c
index aa3d55e0b..f47ad5545 100644
--- a/openbsc/src/gprs/gprs_gsup_messages.c
+++ b/openbsc/src/gprs/gprs_gsup_messages.c
@@ -172,6 +172,9 @@ int gprs_gsup_decode(const uint8_t *const_data, size_t data_len,
size_t value_len;
static const struct gprs_gsup_pdp_info empty_pdp_info = {0};
static const struct gsm_auth_tuple empty_auth_info = {0};
+ static const struct gprs_gsup_message empty_gsup_message = {0};
+
+ *gsup_msg = empty_gsup_message;
/* generic part */
rc = gprs_shift_v_fixed(&data, &data_len, 1, &value);
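Review bot: The struct assignment `*gsup_msg = empty_gsup_message;` clears every named member, but C leaves padding bytes unspecified after a structure store, so it is not a guaranteed byte-for-byte wipe of the object. The same holds for `pdp_info = empty_pdp_info;` and `auth_info = empty_auth_info;` in the later hunks, where the replaced memcpy calls did copy the zeroed padding of the static objects. If a gprs_gsup_message or its auth tuples are ever compared with memcmp, hashed, or copied out as raw bytes (not visible from this diff), `memset(gsup_msg, 0, sizeof(*gsup_msg));` is the form that covers padding as well. Because the assignment sits before the first parse step in gprs_gsup_decode, whose body continues outside the hunk, a short comment would record the intent, e.g. `/* reset output first so an early error return never exposes fields or list entries from a previous decode */`. Only gprs_gsup_messages.c appears in the diffstat, so a test that decodes two different messages into the same object and checks num_auth_tuples and num_pdp_infos would pin this behaviour.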
@@ -198,9 +201,6 @@ int gprs_gsup_decode(const uint8_t *const_data, size_t data_len,
gsm48_decode_bcd_number(gsup_msg->imsi, sizeof(gsup_msg->imsi),
value - 1, 0);
- gsup_msg->num_pdp_infos = 0;
- gsup_msg->num_auth_tuples = 0;
-
/* specific parts */
while (data_len > 0) {
enum gprs_gsup_iei iei;
@@ -253,7 +253,7 @@ int gprs_gsup_decode(const uint8_t *const_data, size_t data_len,
return -GMM_CAUSE_COND_IE_ERR;
}
- memcpy(&pdp_info, &empty_pdp_info, sizeof(pdp_info));
+ pdp_info = empty_pdp_info;
if (iei == GPRS_GSUP_PDP_INFO_IE) {
rc = decode_pdp_info(value, value_len, &pdp_info);
@@ -277,7 +277,7 @@ int gprs_gsup_decode(const uint8_t *const_data, size_t data_len,
return -GMM_CAUSE_INV_MAND_INFO;
}
- memcpy(&auth_info, &empty_auth_info, sizeof(auth_info));
+ auth_info = empty_auth_info;
auth_info.key_seq = gsup_msg->num_auth_tuples;
rc = decode_auth_info(value, value_len, &auth_info);