bsc_scan_msc_msg: check protocol discriminator

The function assumed an MM protocol discriminator without verifying it.
author: Neels Hofmeyr <nhofmeyr@sysmocom.de> 2016-03-14 13:41:20 +0100
committer: Neels Hofmeyr <nhofmeyr@sysmocom.de> 2016-03-15 13:14:56 +0100
commit: 3c94c2c5975774282e49d2d9a1d2041b01c8378e (patch)
tree: ea7a54c7169dc1273945bf8df441c80a23e60544 /openbsc
parent: 372a3bd346d481bec4fd754b46ff7c8e380c012c (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/openbsc/src/osmo-bsc/osmo_bsc_filter.c b/openbsc/src/osmo-bsc/osmo_bsc_filter.c
index 2e2db8875..9d7a5ca5e 100644
--- a/openbsc/src/osmo-bsc/osmo_bsc_filter.c
+++ b/openbsc/src/osmo-bsc/osmo_bsc_filter.c
@@ -337,6 +337,7 @@ int bsc_scan_msc_msg(struct gsm_subscriber_connection *conn, struct msgb *msg)
 	struct gsm_network *net;
 	struct gsm48_loc_area_id *lai;
 	struct gsm48_hdr *gh;
+	uint8_t pdisc;
 	uint8_t mtype;
 	int length = msgb_l3len(msg);
 
@@ -348,6 +349,10 @@ int bsc_scan_msc_msg(struct gsm_subscriber_connection *conn, struct msgb *msg)
 	gh = (struct gsm48_hdr *) msgb_l3(msg);
 	length -= (const char *)&gh->data[0] - (const char *)gh;
 
+	pdisc = gsm48_hdr_pdisc(gh);
+	if (pdisc != GSM48_PDISC_MM)
+		return 0;
+
 	mtype = gsm48_hdr_msg_type(gh);
 	net = conn->bts->network;
 	msc = conn->sccp_con->msc;
author	Neels Hofmeyr <nhofmeyr@sysmocom.de>	2016-03-14 13:41:20 +0100
committer	Neels Hofmeyr <nhofmeyr@sysmocom.de>	2016-03-15 13:14:56 +0100
commit	3c94c2c5975774282e49d2d9a1d2041b01c8378e (patch)
tree	ea7a54c7169dc1273945bf8df441c80a23e60544 /openbsc
parent	372a3bd346d481bec4fd754b46ff7c8e380c012c (diff)