diff options
author | Harald Welte <laforge@osmocom.org> | 2021-02-07 13:24:52 +0100 |
---|---|---|
committer | Harald Welte <laforge@osmocom.org> | 2021-02-08 11:42:33 +0100 |
commit | f5d90c46e15dd79776d9b760ed5854e7ff94cdaa (patch) | |
tree | a15fbc514d56acce4ebefc535fa145f46c7546fd | |
parent | a0228a74e07ec4c95c88f39783753aa950571a6e (diff) |
SUA: Verify routing context IE of incoming CL and CO messages
When receiving user-data (connectionless / connection-oriented),
we must make sure that there either
a) no routing context IE in the message, and only one AS within the ASP, or
b) a valid routing context IE for an AS within the ASP
This important input validation has been done in M3UA for a long time,
but somehow never been implemented on the SUA side so far.
Change-Id: Icc232250513009137add3b45fecbb5d2a07c0645
-rw-r--r-- | src/sua.c | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -510,10 +510,17 @@ int sua_addr_parse(struct osmo_sccp_addr *out, struct xua_msg *xua, uint16_t iei /* connectionless messages received from socket */ static int sua_rx_cl(struct osmo_ss7_asp *asp, struct xua_msg *xua) { + struct xua_msg_part *rctx_ie = xua_msg_find_tag(xua, SUA_IEI_ROUTE_CTX); struct osmo_sccp_instance *inst = asp->inst->sccp; + struct osmo_ss7_as *as; + int rc; OSMO_ASSERT(xua->hdr.msg_class == SUA_MSGC_CL); + rc = xua_find_as_for_asp(&as, asp, rctx_ie); + if (rc) + return rc; + switch (xua->hdr.msg_type) { case 0: /* Reserved, permitted by ETSI TS 101 592 5.2.3.2 */ case SUA_CL_CLDT: @@ -531,10 +538,17 @@ static int sua_rx_cl(struct osmo_ss7_asp *asp, struct xua_msg *xua) /* connection-oriented messages received from socket */ static int sua_rx_co(struct osmo_ss7_asp *asp, struct xua_msg *xua) { + struct xua_msg_part *rctx_ie = xua_msg_find_tag(xua, SUA_IEI_ROUTE_CTX); struct osmo_sccp_instance *inst = asp->inst->sccp; + struct osmo_ss7_as *as; + int rc; OSMO_ASSERT(xua->hdr.msg_class == SUA_MSGC_CO); + rc = xua_find_as_for_asp(&as, asp, rctx_ie); + if (rc) + return rc; + switch (xua->hdr.msg_type) { case 0: /* Reserved, permitted by ETSI TS 101 592 5.2.3.2 */ case SUA_CO_CORE: |