authorNeels Hofmeyr <nhofmeyr@sysmocom.de>2016-03-14 16:15:02 +0100
committerHolger Hans Peter Freyther <holger@moiji-mobile.com>2016-03-15 14:26:00 +0100
commit10cd11345c2dd3f38793e7dd7456e7882ab95dd9 (patch)
tree323a66f3a8d1ef668cd50914ed32c442ad9aa08d
parent8c515272c3e82c2400b15b5bfefa9dd883b86b96 (diff)
bsc_scan_msc_msg: check protocol discriminator
The function assumed an MM protocol discriminator without verifying it.
-rw-r--r--openbsc/src/osmo-bsc/osmo_bsc_filter.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/openbsc/src/osmo-bsc/osmo_bsc_filter.c b/openbsc/src/osmo-bsc/osmo_bsc_filter.c
index a71871f77..14e0b7144 100644
--- a/openbsc/src/osmo-bsc/osmo_bsc_filter.c
+++ b/openbsc/src/osmo-bsc/osmo_bsc_filter.c
@@ -336,6 +336,7 @@ int bsc_scan_msc_msg(struct gsm_subscriber_connection *conn, struct msgb *msg)
struct gsm_network *net;
struct gsm48_loc_area_id *lai;
struct gsm48_hdr *gh;
+ uint8_t pdisc;
uint8_t mtype;
int length = msgb_l3len(msg);
@@ -347,6 +348,10 @@ int bsc_scan_msc_msg(struct gsm_subscriber_connection *conn, struct msgb *msg)
gh = (struct gsm48_hdr *) msgb_l3(msg);
length -= (const char *)&gh->data[0] - (const char *)gh;
+ pdisc = gsm48_hdr_pdisc(gh);
+ if (pdisc != GSM48_PDISC_MM)
+ return 0;
+
mtype = gsm48_hdr_msg_type(gh);
net = conn->bts->network;
msc = conn->sccp_con->msc;
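Review bot: The new early `return 0` under `if (pdisc != GSM48_PDISC_MM)` carries no comment, so the hunk does not say what 0 means to the caller or that non-MM messages are deliberately left untouched. Since the commit message says the function previously assumed MM, a short comment above the check would record the reason, e.g. `/* message types are only unique within a protocol discriminator; leave non-MM messages unmodified */`. Both `gsm48_hdr_pdisc(gh)` and `gsm48_hdr_msg_type(gh)` read the header, so they rely on `length` having been checked against the header size in the lines between the two hunks, which are not visible here and are worth confirming. The body of `bsc_scan_msc_msg` starts before and continues past this hunk.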