diff options
| author | Jacob Erlbeck <jerlbeck@sysmocom.de> | 2014-09-19 09:28:42 +0200 |
|---|---|---|
| committer | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2014-10-09 17:42:23 +0200 |
| commit | 08fbeb8fa4c1097c2714e7b4b85079119aebee5b (patch) | |
| tree | 267356e6b35fda60ce035ab62c63aa36b01a432e | |
| parent | e27ab916d6bcbc4f6d5dd2725f37f39c76d7ce30 (diff) | |
gbproxy/sgsn: Enforce termination when creating a P-TMSI/TLLI
Currently the number of iterations when creating a P-TMSI/TLLI is not
limited. It is nevertheless very unlikely that the loop will not
terminate. On the other hand, the number of iterations of every loop
should have an upper bound (loop variant) which wouldn't be the case
here if an arbitrary random generator was used.
This patch limits the number of iterations to 23 and logs an error if
the creation of the indentifier was aborted due to this limit.
Sponsored-by: On-Waves ehf
| -rw-r--r-- | openbsc/src/gprs/gb_proxy.c | 13 | ||||
| -rw-r--r-- | openbsc/src/gprs/gprs_sgsn.c | 10 |
2 files changed, 20 insertions, 3 deletions
diff --git a/openbsc/src/gprs/gb_proxy.c b/openbsc/src/gprs/gb_proxy.c index daa9ba08b..8b5a67269 100644 --- a/openbsc/src/gprs/gb_proxy.c +++ b/openbsc/src/gprs/gb_proxy.c @@ -226,6 +226,7 @@ uint32_t gbproxy_make_bss_ptmsi(struct gbproxy_peer *peer, uint32_t sgsn_ptmsi) { uint32_t bss_ptmsi; + int max_retries = 23; if (!peer->cfg->patch_ptmsi) { bss_ptmsi = sgsn_ptmsi; } else { @@ -235,9 +236,12 @@ uint32_t gbproxy_make_bss_ptmsi(struct gbproxy_peer *peer, if (gbproxy_find_tlli_by_ptmsi(peer, bss_ptmsi)) bss_ptmsi = GSM_RESERVED_TMSI; - } while (bss_ptmsi == GSM_RESERVED_TMSI); + } while (bss_ptmsi == GSM_RESERVED_TMSI && max_retries--); } + if (bss_ptmsi == GSM_RESERVED_TMSI) + LOGP(DGPRS, LOGL_ERROR, "Failed to allocate a BSS P-TMSI\n"); + return bss_ptmsi; } @@ -246,6 +250,7 @@ uint32_t gbproxy_make_sgsn_tlli(struct gbproxy_peer *peer, uint32_t bss_tlli) { uint32_t sgsn_tlli; + int max_retries = 23; if (!peer->cfg->patch_ptmsi) { sgsn_tlli = bss_tlli; } else if (tlli_info->sgsn_tlli.ptmsi != GSM_RESERVED_TMSI) { @@ -259,8 +264,12 @@ uint32_t gbproxy_make_sgsn_tlli(struct gbproxy_peer *peer, if (gbproxy_find_tlli_by_any_sgsn_tlli(peer, sgsn_tlli)) sgsn_tlli = 0; - } while (!sgsn_tlli); + } while (!sgsn_tlli && max_retries--); } + + if (!sgsn_tlli) + LOGP(DGPRS, LOGL_ERROR, "Failed to allocate an SGSN TLLI\n"); + return sgsn_tlli; } diff --git a/openbsc/src/gprs/gprs_sgsn.c b/openbsc/src/gprs/gprs_sgsn.c index 0c15619b5..4e5163200 100644 --- a/openbsc/src/gprs/gprs_sgsn.c +++ b/openbsc/src/gprs/gprs_sgsn.c @@ -359,15 +359,23 @@ uint32_t sgsn_alloc_ptmsi(void) { struct sgsn_mm_ctx *mm; uint32_t ptmsi; + int max_retries = 23; restart: ptmsi = rand() | 0xC0000000; llist_for_each_entry(mm, &sgsn_mm_ctxts, list) { - if (mm->p_tmsi == ptmsi) + if (mm->p_tmsi == ptmsi) { + if (!max_retries--) + goto failed; goto restart; + } } return ptmsi; + +failed: + LOGP(DGPRS, LOGL_ERROR, "Failed to allocate a P-TMSI\n"); + return GSM_RESERVED_TMSI; } static void drop_one_pdp(struct sgsn_pdp_ctx *pdp) |