From 960d28087e18263027f7dbdb5e5bc641053c7e64 Mon Sep 17 00:00:00 2001
From: Neels Hofmeyr
Date: Wed, 4 May 2016 16:02:39 +0200
Subject: IuCS: upon sec mode compl, check that a sec op is pending

Safety check: discard Security Mode Complete messages when there is no security operation pending.
---
 openbsc/src/osmo-cscn/iucs_ranap.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/openbsc/src/osmo-cscn/iucs_ranap.c b/openbsc/src/osmo-cscn/iucs_ranap.c
index 4a0f6bbcf..06a0acba4 100644
--- a/openbsc/src/osmo-cscn/iucs_ranap.c
+++ b/openbsc/src/osmo-cscn/iucs_ranap.c
@@ -58,6 +58,14 @@ int iucs_rx_sec_mode_compl(struct gsm_subscriber_connection *conn,
 OSMO_ASSERT(conn->via_iface == IFACE_IU);
+ if (!conn->sec_operation) {
+ LOGP(DIUCS, LOGL_ERROR,
+ "Received Security Mode Complete message, but no"
+ " authentication/cipher operation in progress"
+ " for subscr %s\n", subscr_name(conn->subscr));
+ return;
+ }
+
 /* TODO evalute ies */
 if (conn->iu.integrity_protection)
-- 
cgit v1.2.3
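Review bot: The early exit added in the `if (!conn->sec_operation)` branch uses a bare `return;`, but the hunk header shows the function declared as `int iucs_rx_sec_mode_compl(...)`, so a caller that reads the result gets an indeterminate value on exactly the path that rejects an unsolicited Security Mode Complete. Return an explicit failure instead, for example `return -EINVAL;` if errno-style codes match this file's convention, so the caller can tell a discarded message from a completed security procedure. The log line calls `subscr_name(conn->subscr)`; whether `conn->subscr` can still be NULL at this point is not visible here and is worth confirming. The function's signature and the rest of its body lie outside the hunk.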