From e0cb0eeb3f04745cd5b17d5aa7c63ad7fea988f0 Mon Sep 17 00:00:00 2001
From: Neels Hofmeyr <nhofmeyr@sysmocom.de>
Date: Thu, 16 Mar 2017 05:30:11 +0100
Subject: auth_milenage: fix check against too large ind

To ensure that the IND index appended to SEQ does not affect the SEQ, the check
should read '>= seq_1', not '>'.

Change-Id: Ib1251159eee02aa07fae1b429ffec2e4604bf6a8
---
 src/gsm/auth_milenage.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/gsm/auth_milenage.c')

diff --git a/src/gsm/auth_milenage.c b/src/gsm/auth_milenage.c
index f151c5e8..c1331b5b 100644
--- a/src/gsm/auth_milenage.c
+++ b/src/gsm/auth_milenage.c
@@ -94,7 +94,7 @@ static int milenage_gen_vec(struct osmo_auth_vector *vec,
 	ind_mask = ~(seq_1 - 1);
 
 	/* the ind index must not affect the SEQ part */
-	if (aud->u.umts.ind > seq_1)
+	if (aud->u.umts.ind >= seq_1)
 		return -3;
 
 	/* keep the incremented SQN local until gsm_milenage() succeeded. */
-- 
cgit v1.2.3