summaryrefslogtreecommitdiffstats
path: root/openbsc
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@gnumonks.org>2011-04-11 16:32:50 +0200
committerHarald Welte <laforge@gnumonks.org>2011-04-12 21:50:46 +0200
commitca05d432d71cd940e6da9af1930096aaab47f897 (patch)
tree94877c0c490939ebf71f390e98b7933ec22d046c /openbsc
parent0d20b635749dea8f056245f283ce571e65d8c2c7 (diff)
src: more robust ipaccess_idtag_parse()
Now ipaccess_idtag_parse() returns -EINVAL instead of -1. We also check for the return value of this function in every invocation to skip further processing in case of messages with malformed TLVs. This idea was suggested by Zecke.
Diffstat (limited to 'openbsc')
-rw-r--r--openbsc/src/libabis/input/ipaccess.c14
-rw-r--r--openbsc/src/osmo-bsc_nat/bsc_nat.c8
-rw-r--r--openbsc/src/osmo-bsc_nat/bsc_ussd.c8
3 files changed, 23 insertions, 7 deletions
diff --git a/openbsc/src/libabis/input/ipaccess.c b/openbsc/src/libabis/input/ipaccess.c
index c4c13d7fa..ba641a836 100644
--- a/openbsc/src/libabis/input/ipaccess.c
+++ b/openbsc/src/libabis/input/ipaccess.c
@@ -123,7 +123,7 @@ int ipaccess_idtag_parse(struct tlv_parsed *dec, unsigned char *buf, int len)
if (t_len > len + 1) {
LOGP(DMI, LOGL_ERROR, "The tag does not fit: %d\n", t_len);
- return -1;
+ return -EINVAL;
}
DEBUGPC(DMI, "%s='%s' ", ipaccess_idtag_name(t_tag), cur);
@@ -251,7 +251,7 @@ static int ipaccess_rcvmsg(struct e1inp_line *line, struct msgb *msg,
u_int16_t site_id = 0, bts_id = 0, trx_id = 0;
struct gsm_bts *bts;
char *unitid;
- int len;
+ int len, ret;
/* handle base messages */
ipaccess_rcvmsg_base(msg, bfd);
@@ -260,10 +260,14 @@ static int ipaccess_rcvmsg(struct e1inp_line *line, struct msgb *msg,
case IPAC_MSGT_ID_RESP:
DEBUGP(DMI, "ID_RESP ");
/* parse tags, search for Unit ID */
- ipaccess_idtag_parse(&tlvp, (u_int8_t *)msg->l2h + 2,
- msgb_l2len(msg)-2);
+ ret = ipaccess_idtag_parse(&tlvp, (u_int8_t *)msg->l2h + 2,
+ msgb_l2len(msg)-2);
DEBUGP(DMI, "\n");
-
+ if (ret < 0) {
+ LOGP(DINP, LOGL_ERROR, "ignoring IPA response message "
+ "with malformed TLVs\n");
+ return ret;
+ }
if (!TLVP_PRESENT(&tlvp, IPAC_IDTAG_UNIT))
break;
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c
index 75862941a..8c164a270 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c
@@ -1019,9 +1019,15 @@ exit:
/* do we know who is handling this? */
if (msg->l2h[0] == IPAC_MSGT_ID_RESP) {
struct tlv_parsed tvp;
- ipaccess_idtag_parse(&tvp,
+ int ret;
+ ret = ipaccess_idtag_parse(&tvp,
(unsigned char *) msg->l2h + 2,
msgb_l2len(msg) - 2);
+ if (ret < 0) {
+ LOGP(DNAT, LOGL_ERROR, "ignoring IPA response "
+ "message with malformed TLVs\n");
+ return ret;
+ }
if (TLVP_PRESENT(&tvp, IPAC_IDTAG_UNITNAME))
ipaccess_auth_bsc(&tvp, bsc);
}
diff --git a/openbsc/src/osmo-bsc_nat/bsc_ussd.c b/openbsc/src/osmo-bsc_nat/bsc_ussd.c
index af123407a..fd38f7800 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_ussd.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_ussd.c
@@ -123,9 +123,15 @@ static int ussd_read_cb(struct bsc_fd *bfd)
if (hh->proto == IPAC_PROTO_IPACCESS) {
if (msg->l2h[0] == IPAC_MSGT_ID_RESP) {
struct tlv_parsed tvp;
- ipaccess_idtag_parse(&tvp,
+ int ret;
+ ret = ipaccess_idtag_parse(&tvp,
(unsigned char *) msg->l2h + 2,
msgb_l2len(msg) - 2);
+ if (ret < 0) {
+ LOGP(DNAT, LOGL_ERROR, "ignoring IPA response "
+ "message with malformed TLVs\n");
+ return ret;
+ }
if (TLVP_PRESENT(&tvp, IPAC_IDTAG_UNITNAME))
ussd_auth_con(&tvp, conn);
}