gprs_ns2_sns: Verify mandatory IE presence in incoming SNS-SIZE

Change-Id: I40571e313c3332d8cead8fb4aa9768d0d083804d
author: Harald Welte <laforge@osmocom.org> 2021-03-04 17:59:35 +0100
committer: Harald Welte <laforge@osmocom.org> 2021-03-24 00:30:22 +0100
commit: a2c5af55470e6744c2ce74ed0de8f183c8554e5a (patch)
tree: 716aa9973633fbbf34d5648fedfa03d62a3ca3f1 /src/gb/gprs_ns2_sns.c
parent: 46eb7643c9293afbc863de84b1e782c5f8bf859f (diff)
1 files changed, 11 insertions, 2 deletions
diff --git a/src/gb/gprs_ns2_sns.c b/src/gb/gprs_ns2_sns.c
index f36e8d0b..b5b66770 100644
--- a/src/gb/gprs_ns2_sns.c
+++ b/src/gb/gprs_ns2_sns.c
@@ -2123,14 +2123,23 @@ static void ns2_sns_st_all_action_sgsn(struct osmo_fsm_inst *fi, uint32_t event,
 	struct ns2_sns_state *gss = (struct ns2_sns_state *) fi->priv;
 	struct tlv_parsed *tp = NULL;
 	uint8_t flag;
+	uint8_t cause;
 
 	OSMO_ASSERT(gss->role == GPRS_SNS_ROLE_SGSN);
 
 	switch (event) {
 	case GPRS_SNS_EV_RX_SIZE:
 		tp = (struct tlv_parsed *) data;
-		if (!TLVP_PRES_LEN(tp, NS_IE_RESET_FLAG, 1)) {
-			uint8_t cause = NS_CAUSE_MISSING_ESSENT_IE;
+		/* check for mandatory / conditional IEs */
+		if (!TLVP_PRES_LEN(tp, NS_IE_RESET_FLAG, 1) ||
+		    !TLVP_PRES_LEN(tp, NS_IE_MAX_NR_NSVC, 2)) {
+			cause = NS_CAUSE_MISSING_ESSENT_IE;
+			ns2_tx_sns_size_ack(gss->sns_nsvc, &cause);
+			break;
+		}
+		if (!TLVP_PRES_LEN(tp, NS_IE_IPv4_EP_NR, 2) &&
+		    !TLVP_PRES_LEN(tp, NS_IE_IPv6_EP_NR, 2)) {
+			cause = NS_CAUSE_MISSING_ESSENT_IE;
 			ns2_tx_sns_size_ack(gss->sns_nsvc, &cause);
 			break;
 		}
author	Harald Welte <laforge@osmocom.org>	2021-03-04 17:59:35 +0100
committer	Harald Welte <laforge@osmocom.org>	2021-03-24 00:30:22 +0100
commit	a2c5af55470e6744c2ce74ed0de8f183c8554e5a (patch)
tree	716aa9973633fbbf34d5648fedfa03d62a3ca3f1 /src/gb/gprs_ns2_sns.c
parent	46eb7643c9293afbc863de84b1e782c5f8bf859f (diff)