MNCC: Add input validation

There appears to have been no input validation whatsoever on MNCC messages. Hence it was very easy for an external MNCC handler to crash OsmoMSC, such as in OS#2853 Change-Id: Idaf3b8e409c84564b1eb26d01a19c605f89b14f4 Closes: OS#2853
author: Harald Welte <laforge@gnumonks.org> 2018-01-22 01:49:02 +0100
committer: Harald Welte <laforge@gnumonks.org> 2018-01-23 17:03:05 +0000
commit: 5718429ec99f185efe2e733463700b8997f66b61 (patch)
tree: c8a9d2b912dce7fe877466a95b1c57a229698f78 /src/libmsc/mncc_sock.c
parent: 3b26f3495054196d42ac94fe4683aa94564807d8 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/src/libmsc/mncc_sock.c b/src/libmsc/mncc_sock.c
index b6b1bc9d9..14613ca2c 100644
--- a/src/libmsc/mncc_sock.c
+++ b/src/libmsc/mncc_sock.c
@@ -123,8 +123,11 @@ static int mncc_sock_read(struct osmo_fd *bfd)
 			return 0;
 		goto close;
 	}
+	msgb_put(msg, rc);
 
-	rc = mncc_tx_to_cc(state->net, mncc_prim->msg_type, mncc_prim);
+	rc = mncc_prim_check(mncc_prim, rc);
+	if (rc == 0)
+		rc = mncc_tx_to_cc(state->net, mncc_prim->msg_type, mncc_prim);
 
 	/* as we always synchronously process the message in mncc_send() and
 	 * its callbacks, we can free the message here. */
author	Harald Welte <laforge@gnumonks.org>	2018-01-22 01:49:02 +0100
committer	Harald Welte <laforge@gnumonks.org>	2018-01-23 17:03:05 +0000
commit	5718429ec99f185efe2e733463700b8997f66b61 (patch)
tree	c8a9d2b912dce7fe877466a95b1c57a229698f78 /src/libmsc/mncc_sock.c
parent	3b26f3495054196d42ac94fe4683aa94564807d8 (diff)