author | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-05-15 23:52:21 +0800 |
---|---|---|
committer | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-05-15 23:55:28 +0800 |
commit | 45bb8bfc1a14676bd6c599eff7980bc3f141f99e (patch) | |
tree | 5b91b1c92790c06a39cbad5f88089e2864630c61 /openbsc/src/bsc_msc_ip.c | |
parent | 57900f00088e99731ad0d22cb1701eaa22cc25f0 (diff) |
gsm48: Add size checks to the paging response mi parsing.
We go from no size checks to some content checking. We should
refactor the whole classmark2 + mi parsing that is used throughout
the code into one place with proper size checking. This is the
start and requires a new libosmocore as well.
Diffstat (limited to 'openbsc/src/bsc_msc_ip.c')
-rw-r--r-- | openbsc/src/bsc_msc_ip.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/openbsc/src/bsc_msc_ip.c b/openbsc/src/bsc_msc_ip.c index bfd9138ee..34e4fe34d 100644 --- a/openbsc/src/bsc_msc_ip.c +++ b/openbsc/src/bsc_msc_ip.c @@ -365,7 +365,14 @@ static int handle_paging_response(struct msgb *msg) char mi_string[GSM48_MI_SIZE]; u_int8_t mi_type; - gsm48_paging_extract_mi(msg, mi_string, &mi_type); + struct gsm48_hdr *hdr; + struct gsm48_pag_resp *resp; + + hdr = msgb_l3(msg); + resp = (struct gsm48_pag_resp *) &hdr->data[0]; + + gsm48_paging_extract_mi(resp, msgb_l3len(msg) - sizeof(*hdr), + mi_string, &mi_type); LOGP(DMSC, LOGL_DEBUG, "PAGING RESPONSE: mi_type=0x%02x MI(%s)\n", mi_type, mi_string); |
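Review bot: the length argument `msgb_l3len(msg) - sizeof(*hdr)` in the new call is computed without first checking that the L3 part is at least `sizeof(*hdr)` bytes long. A paging response shorter than the header would then pass a wrapped or negative length into `gsm48_paging_extract_mi`, which defeats the size check this commit adds. Consider rejecting short messages before the subtraction, for example `if (msgb_l3len(msg) < sizeof(*hdr)) return -1;`, placed after `hdr = msgb_l3(msg);`. Separately, `mi_string` and `mi_type` are declared without initializers and are logged by `LOGP` right after the call. If the extraction now stops early on a size failure, the debug line prints uninitialized stack data. Either check the result of the call before logging, if it reports one, or initialize both variables at declaration.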