[mgcp] Fix two bugs in the protocol handling

In case of a wrongly formatted AUEP, CRCX, DLCX, MDCX the transaction id pointer was a dangling pointer... Initialize the transaction id to a static string.. Also fix a off by one bug. We want to extract four elements from the MGCP message and not only 3... So a short AUEP message made it us read too many things.
author: Holger Hans Peter Freyther <zecke@selfish.org> 2010-02-26 13:32:55 +0100
committer: Holger Hans Peter Freyther <zecke@selfish.org> 2010-02-26 13:32:55 +0100
commit: a820c5f89d0ea3a7aefd1621d9bf1c9c5a25e8eb (patch)
tree: 2fc85e833bd4f6424daa5548b6c2d2517cd8d785
parent: 63f2db2ec94b1e7c7e84b508f3e1ea25b5fb007f (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/openbsc/src/mgcp/mgcp_protocol.c b/openbsc/src/mgcp/mgcp_protocol.c
index 43bddf4a5..0fe33dd23 100644
--- a/openbsc/src/mgcp/mgcp_protocol.c
+++ b/openbsc/src/mgcp/mgcp_protocol.c
@@ -302,6 +302,8 @@ static int analyze_header(struct mgcp_config *cfg, struct msgb *msg,
 {
 	int found;
 
+	*transaction_id = "000000";
+
 	if (size < 3) {
 		LOGP(DMGCP, LOGL_ERROR, "Not enough space in ptr\n");
 		return -1;
@@ -309,7 +311,7 @@ static int analyze_header(struct mgcp_config *cfg, struct msgb *msg,
 
 	found = find_msg_pointers(msg, ptr, size);
 
-	if (found < 3) {
+	if (found <= 3) {
 		LOGP(DMGCP, LOGL_ERROR, "Gateway: Not enough params. Found: %d\n", found);
 		return -1;
 	}
author	Holger Hans Peter Freyther <zecke@selfish.org>	2010-02-26 13:32:55 +0100
committer	Holger Hans Peter Freyther <zecke@selfish.org>	2010-02-26 13:32:55 +0100
commit	a820c5f89d0ea3a7aefd1621d9bf1c9c5a25e8eb (patch)
tree	2fc85e833bd4f6424daa5548b6c2d2517cd8d785
parent	63f2db2ec94b1e7c7e84b508f3e1ea25b5fb007f (diff)