aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@gnumonks.org>2011-04-11 16:32:50 +0200
committerHarald Welte <laforge@gnumonks.org>2011-04-12 21:50:46 +0200
commitca05d432d71cd940e6da9af1930096aaab47f897 (patch)
tree94877c0c490939ebf71f390e98b7933ec22d046c
parent0d20b635749dea8f056245f283ce571e65d8c2c7 (diff)
src: more robust ipaccess_idtag_parse()
Now ipaccess_idtag_parse() returns -EINVAL instead of -1. We also check for the return value of this function in every invocation to skip further processing in case of messages with malformed TLVs. This idea was suggested by Zecke.
-rw-r--r--openbsc/src/libabis/input/ipaccess.c14
-rw-r--r--openbsc/src/osmo-bsc_nat/bsc_nat.c8
-rw-r--r--openbsc/src/osmo-bsc_nat/bsc_ussd.c8
3 files changed, 23 insertions, 7 deletions
diff --git a/openbsc/src/libabis/input/ipaccess.c b/openbsc/src/libabis/input/ipaccess.c
index c4c13d7fa..ba641a836 100644
--- a/openbsc/src/libabis/input/ipaccess.c
+++ b/openbsc/src/libabis/input/ipaccess.c
@@ -123,7 +123,7 @@ int ipaccess_idtag_parse(struct tlv_parsed *dec, unsigned char *buf, int len)
if (t_len > len + 1) {
LOGP(DMI, LOGL_ERROR, "The tag does not fit: %d\n", t_len);
- return -1;
+ return -EINVAL;
}
DEBUGPC(DMI, "%s='%s' ", ipaccess_idtag_name(t_tag), cur);
@@ -251,7 +251,7 @@ static int ipaccess_rcvmsg(struct e1inp_line *line, struct msgb *msg,
u_int16_t site_id = 0, bts_id = 0, trx_id = 0;
struct gsm_bts *bts;
char *unitid;
- int len;
+ int len, ret;
/* handle base messages */
ipaccess_rcvmsg_base(msg, bfd);
@@ -260,10 +260,14 @@ static int ipaccess_rcvmsg(struct e1inp_line *line, struct msgb *msg,
case IPAC_MSGT_ID_RESP:
DEBUGP(DMI, "ID_RESP ");
/* parse tags, search for Unit ID */
- ipaccess_idtag_parse(&tlvp, (u_int8_t *)msg->l2h + 2,
- msgb_l2len(msg)-2);
+ ret = ipaccess_idtag_parse(&tlvp, (u_int8_t *)msg->l2h + 2,
+ msgb_l2len(msg)-2);
DEBUGP(DMI, "\n");
-
+ if (ret < 0) {
+ LOGP(DINP, LOGL_ERROR, "ignoring IPA response message "
+ "with malformed TLVs\n");
+ return ret;
+ }
if (!TLVP_PRESENT(&tlvp, IPAC_IDTAG_UNIT))
break;
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c
index 75862941a..8c164a270 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c
@@ -1019,9 +1019,15 @@ exit:
/* do we know who is handling this? */
if (msg->l2h[0] == IPAC_MSGT_ID_RESP) {
struct tlv_parsed tvp;
- ipaccess_idtag_parse(&tvp,
+ int ret;
+ ret = ipaccess_idtag_parse(&tvp,
(unsigned char *) msg->l2h + 2,
msgb_l2len(msg) - 2);
+ if (ret < 0) {
+ LOGP(DNAT, LOGL_ERROR, "ignoring IPA response "
+ "message with malformed TLVs\n");
+ return ret;
+ }
if (TLVP_PRESENT(&tvp, IPAC_IDTAG_UNITNAME))
ipaccess_auth_bsc(&tvp, bsc);
}
diff --git a/openbsc/src/osmo-bsc_nat/bsc_ussd.c b/openbsc/src/osmo-bsc_nat/bsc_ussd.c
index af123407a..fd38f7800 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_ussd.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_ussd.c
@@ -123,9 +123,15 @@ static int ussd_read_cb(struct bsc_fd *bfd)
if (hh->proto == IPAC_PROTO_IPACCESS) {
if (msg->l2h[0] == IPAC_MSGT_ID_RESP) {
struct tlv_parsed tvp;
- ipaccess_idtag_parse(&tvp,
+ int ret;
+ ret = ipaccess_idtag_parse(&tvp,
(unsigned char *) msg->l2h + 2,
msgb_l2len(msg) - 2);
+ if (ret < 0) {
+ LOGP(DNAT, LOGL_ERROR, "ignoring IPA response "
+ "message with malformed TLVs\n");
+ return ret;
+ }
if (TLVP_PRESENT(&tvp, IPAC_IDTAG_UNITNAME))
ussd_auth_con(&tvp, conn);
}