From 71857d72426c75e4bb71c3843a9eeeff53eca37d Mon Sep 17 00:00:00 2001
From: Holger Hans Peter Freyther <holger@moiji-mobile.com>
Date: Sun, 5 Apr 2015 18:48:27 +0200
Subject: filter: Put all the parameters in a struct to avoid order issues

With the "local" and "global" list name we might pick the
wrong argument. Avoid it by passing them as a struct.
---
 openbsc/src/libfilter/bsc_msg_filter.c | 50 +++++++++++++++++++++-------------
 1 file changed, 31 insertions(+), 19 deletions(-)

diff --git a/openbsc/src/libfilter/bsc_msg_filter.c b/openbsc/src/libfilter/bsc_msg_filter.c
index 486ed9368..a24e9de8b 100644
--- a/openbsc/src/libfilter/bsc_msg_filter.c
+++ b/openbsc/src/libfilter/bsc_msg_filter.c
@@ -38,6 +38,14 @@
 
 #include <osmocom/sccp/sccp.h>
 
+struct filter_request {
+	struct rb_root *black_list;
+	struct llist_head *access_lists;
+	const char *local_lst_name;
+	const char *global_lst_name;
+	int bsc_nr;
+};
+
 int bsc_filter_barr_find(struct rb_root *root, const char *imsi, int *cm, int *lu)
 {
 	struct bsc_filter_barr_entry *n;
@@ -142,10 +150,8 @@ static int lst_check_deny(struct bsc_msg_acc_lst *lst, const char *mi_string,
 }
 
 /* apply white/black list */
-static int auth_imsi(struct rb_root *black_list,
-		struct llist_head *access_lists,
-		const char *local_lst_name, const char *global_lst_name,
-		int bsc_nr, const char *imsi,
+static int auth_imsi(struct filter_request *req,
+		const char *imsi,
 		struct bsc_filter_reject_cause *cause)
 {
 	/*
@@ -161,7 +167,7 @@ static int auth_imsi(struct rb_root *black_list,
 	struct bsc_msg_acc_lst *bsc_lst = NULL;
 
 	/* 1. global check for barred imsis */
-	if (bsc_filter_barr_find(black_list, imsi, &cm, &lu)) {
+	if (bsc_filter_barr_find(req->black_list, imsi, &cm, &lu)) {
 		cause->cm_reject_cause = cm;
 		cause->lu_reject_cause = lu;
 		LOGP(DNAT, LOGL_DEBUG,
@@ -171,8 +177,8 @@ static int auth_imsi(struct rb_root *black_list,
 	}
 
 
-	bsc_lst = bsc_msg_acc_lst_find(access_lists, local_lst_name);
-	nat_lst = bsc_msg_acc_lst_find(access_lists, global_lst_name);
+	bsc_lst = bsc_msg_acc_lst_find(req->access_lists, req->local_lst_name);
+	nat_lst = bsc_msg_acc_lst_find(req->access_lists, req->global_lst_name);
 
 
 	if (bsc_lst) {
@@ -183,7 +189,7 @@ static int auth_imsi(struct rb_root *black_list,
 		/* 3. BSC deny */
 		if (lst_check_deny(bsc_lst, imsi, &cm, &lu) == 0) {
 			LOGP(DNAT, LOGL_ERROR,
-			     "Filtering %s by imsi_deny on config nr: %d.\n", imsi, bsc_nr);
+			     "Filtering %s by imsi_deny on config nr: %d.\n", imsi, req->bsc_nr);
 			rate_ctr_inc(&bsc_lst->stats->ctr[ACC_LIST_LOCAL_FILTER]);
 			cause->cm_reject_cause = cm;
 			cause->lu_reject_cause = lu;
@@ -196,7 +202,7 @@ static int auth_imsi(struct rb_root *black_list,
 	if (nat_lst) {
 		if (lst_check_deny(nat_lst, imsi, &cm, &lu) == 0) {
 			LOGP(DNAT, LOGL_ERROR,
-			     "Filtering %s global imsi_deny on bsc nr: %d.\n", imsi, bsc_nr);
+			     "Filtering %s global imsi_deny on bsc nr: %d.\n", imsi, req->bsc_nr);
 			rate_ctr_inc(&nat_lst->stats->ctr[ACC_LIST_GLOBAL_FILTER]);
 			cause->cm_reject_cause = cm;
 			cause->lu_reject_cause = lu;
@@ -300,7 +306,7 @@ static int _cr_check_pag_resp(struct bsc_connection *bsc,
 	return 1;
 }
 
-static int _dt_check_id_resp(struct bsc_connection *bsc,
+static int _dt_check_id_resp(struct filter_request *req,
 			     uint8_t *data, unsigned int length,
 			     struct nat_sccp_connection *con,
 			     struct bsc_filter_reject_cause *cause)
@@ -326,10 +332,7 @@ static int _dt_check_id_resp(struct bsc_connection *bsc,
 
 	con->imsi_checked = 1;
 	con->imsi = talloc_strdup(con, mi_string);
-	return auth_imsi(&bsc->nat->imsi_black_list,
-			&bsc->nat->access_lists,
-			bsc->cfg->acc_lst_name, bsc->nat->acc_lst_name,
-			bsc->cfg->nr, mi_string, cause);
+	return auth_imsi(req, mi_string, cause);
 }
 
 
@@ -339,6 +342,7 @@ int bsc_msg_filter_initial(struct gsm48_hdr *hdr48, size_t hdr48_len,
 			int *con_type,
 			char **imsi, struct bsc_filter_reject_cause *cause)
 {
+	struct filter_request req;
 	int ret = 0;
 	uint8_t msg_type, proto;
 
@@ -380,10 +384,12 @@ int bsc_msg_filter_initial(struct gsm48_hdr *hdr48, size_t hdr48_len,
 		return -1;
 
 	/* now check the imsi */
-	return auth_imsi(&bsc->nat->imsi_black_list,
-			&bsc->nat->access_lists,
-			bsc->cfg->acc_lst_name, bsc->nat->acc_lst_name,
-			bsc->cfg->nr, *imsi, cause);
+	req.black_list = &bsc->nat->imsi_black_list;
+	req.access_lists = &bsc->nat->access_lists;
+	req.local_lst_name = bsc->cfg->acc_lst_name;
+	req.global_lst_name = bsc->nat->acc_lst_name;
+	req.bsc_nr = bsc->cfg->nr;
+	return auth_imsi(&req, *imsi, cause);
 }
 
 int bsc_msg_filter_data(struct gsm48_hdr *hdr48, size_t len,
@@ -391,6 +397,7 @@ int bsc_msg_filter_data(struct gsm48_hdr *hdr48, size_t len,
 		struct nat_sccp_connection *con,
 		struct bsc_filter_reject_cause *cause)
 {
+	struct filter_request req;
 	uint8_t msg_type, proto;
 
 	cause->cm_reject_cause = GSM48_REJECT_PLMN_NOT_ALLOWED;
@@ -404,6 +411,11 @@ int bsc_msg_filter_data(struct gsm48_hdr *hdr48, size_t len,
 	if (proto != GSM48_PDISC_MM || msg_type != GSM48_MT_MM_ID_RESP)
 		return 0;
 
-	return _dt_check_id_resp(bsc, &hdr48->data[0],
+	req.black_list = &bsc->nat->imsi_black_list;
+	req.access_lists = &bsc->nat->access_lists;
+	req.local_lst_name = bsc->cfg->acc_lst_name;
+	req.global_lst_name = bsc->nat->acc_lst_name;
+	req.bsc_nr = bsc->cfg->nr;
+	return _dt_check_id_resp(&req, &hdr48->data[0],
 					len - sizeof(*hdr48), con, cause);
 }
-- 
cgit v1.2.3