Age | Commit message (Collapse) | Author | Files | Lines |
|
Make gtpie_gettlv() return an error if gtpie_getie() returned an error.
Previously, openggsn would fail to complain about certain missing elements.
Technically, a missing IE could be detectable from the *length value, but the
code in gtp.c relies on the return value to detect missing elements, which did
not work prior to this commit. For example:
if (gtpie_gettlv(ie, GTPIE_EUA, 0, &pdp->eua.l,
&pdp->eua.v, sizeof(pdp->eua.v))) {
gsn->missing++;
GTP_LOGPKG(LOGL_ERROR, peer, pack,
len, "Missing mandatory information field\n");
return gtp_create_pdp_resp(gsn, version, pdp,
GTPCAUSE_MAN_IE_MISSING);
}
If an EUA were missing in this code path, openggsn would fail to issue an error
message. Since pdp and hence pdp->eua.l is initialized as all-zero, it would
probably not do much harm besides failing to issue an error.
I haven't checked all callers though.
|
|
|
|
After so many years of silence, we don't expect the original author to
return to the project. To make things a bit simpler for us, we convert
the coding style to what we are used to (Linux style).
The conversion was made using the 'Lindent' script which is part of the
Linux kernel.
|
|
fix ggsn handling of create pdp context when RAI is included and Recovery field is absent
Signed-off-by: Yann BONNAMY <yann_bonnamy@yahoo.fr>
|
|
This adds support for the followng new GTP Information Elements:
RAT_TYPE, USER_LOC, MS_TZ, IMEI_SV
Furthermore, it allows to specify those fields as sgsnemu command line
arguments.
|
|
Pointers are not always 4 bytes in size...
|
|
Mostly signed/unsigned and typecasting issues
Taken from http://sourceforge.net/tracker/index.php?func=detail&aid=1811517&group_id=68956&atid=522957
|
|
This is taken from http://sourceforge.net/tracker/index.php?func=detail&aid=1811511&group_id=68956&atid=522957 and http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg402969.html and addresses a DoS:
The problem lies in the parsing of information elements in GTP messages, which
is implemented in the gtpie_decaps function of gtp/gtpie.c file.
The implementation has a bug that does not check if there are too many
information elements in the message thus causing the software to loop
infinitely in the while-loop.
In addition, handling routine for the error situation had to be implemented
outside the while-loop.
|
|
|
|
|
|
|
|
|