diff options
author | Neels Hofmeyr <nhofmeyr@sysmocom.de> | 2016-03-14 16:15:02 +0100 |
---|---|---|
committer | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2016-03-15 14:26:00 +0100 |
commit | 10cd11345c2dd3f38793e7dd7456e7882ab95dd9 (patch) | |
tree | 323a66f3a8d1ef668cd50914ed32c442ad9aa08d /openbsc/src/osmo-bsc | |
parent | 8c515272c3e82c2400b15b5bfefa9dd883b86b96 (diff) |
bsc_scan_msc_msg: check protocol discriminator
The function assumed an MM protocol discriminator without verifying it.
Diffstat (limited to 'openbsc/src/osmo-bsc')
-rw-r--r-- | openbsc/src/osmo-bsc/osmo_bsc_filter.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/openbsc/src/osmo-bsc/osmo_bsc_filter.c b/openbsc/src/osmo-bsc/osmo_bsc_filter.c index a71871f77..14e0b7144 100644 --- a/openbsc/src/osmo-bsc/osmo_bsc_filter.c +++ b/openbsc/src/osmo-bsc/osmo_bsc_filter.c @@ -336,6 +336,7 @@ int bsc_scan_msc_msg(struct gsm_subscriber_connection *conn, struct msgb *msg) struct gsm_network *net; struct gsm48_loc_area_id *lai; struct gsm48_hdr *gh; + uint8_t pdisc; uint8_t mtype; int length = msgb_l3len(msg); @@ -347,6 +348,10 @@ int bsc_scan_msc_msg(struct gsm_subscriber_connection *conn, struct msgb *msg) gh = (struct gsm48_hdr *) msgb_l3(msg); length -= (const char *)&gh->data[0] - (const char *)gh; + pdisc = gsm48_hdr_pdisc(gh); + if (pdisc != GSM48_PDISC_MM) + return 0; + mtype = gsm48_hdr_msg_type(gh); net = conn->bts->network; msc = conn->sccp_con->msc; |