diff options
author | Holger Hans Peter Freyther <zecke@selfish.org> | 2013-04-22 10:54:02 +0200 |
---|---|---|
committer | Holger Hans Peter Freyther <zecke@selfish.org> | 2013-04-22 10:54:32 +0200 |
commit | 2bc90c274d58a1c1afcd7d8618a7af5e06208039 (patch) | |
tree | 0d122e954fc4f229e2c6b70ffd069cf6f7de83dc /openbsc/src/osmo-bsc_nat | |
parent | ab22335378b80cc6179ae16a55daa0dc0f04e248 (diff) |
nat: Use memcmp for the token on the USSD interface as well
This is similar to the token on the A-interface. There are no more
token based authentication in the NAT.
Diffstat (limited to 'openbsc/src/osmo-bsc_nat')
-rw-r--r-- | openbsc/src/osmo-bsc_nat/bsc_ussd.c | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/openbsc/src/osmo-bsc_nat/bsc_ussd.c b/openbsc/src/osmo-bsc_nat/bsc_ussd.c index f6dbef2b9..f972ba5ef 100644 --- a/openbsc/src/osmo-bsc_nat/bsc_ussd.c +++ b/openbsc/src/osmo-bsc_nat/bsc_ussd.c @@ -159,12 +159,13 @@ static void ussd_auth_con(struct tlv_parsed *tvp, struct bsc_nat_ussd_con *conn) token = (const char *) TLVP_VAL(tvp, IPAC_IDTAG_UNITNAME); len = TLVP_LEN(tvp, IPAC_IDTAG_UNITNAME); - if (strncmp(conn->nat->ussd_token, token, len) != 0) { - LOGP(DNAT, LOGL_ERROR, "Wrong USSD token by client: %d\n", - conn->queue.bfd.fd); - bsc_nat_ussd_destroy(conn); - return; - } + + /* last byte should be a NULL */ + if (strlen(conn->nat->ussd_token) != len - 1) + goto disconnect; + /* compare everything including the null byte */ + if (memcmp(conn->nat->ussd_token, token, len) != 0) + goto disconnect; /* it is authenticated now */ if (conn->nat->ussd_con && conn->nat->ussd_con != conn) @@ -174,6 +175,12 @@ static void ussd_auth_con(struct tlv_parsed *tvp, struct bsc_nat_ussd_con *conn) osmo_timer_del(&conn->auth_timeout); conn->authorized = 1; conn->nat->ussd_con = conn; + return; + +disconnect: + LOGP(DNAT, LOGL_ERROR, "Wrong USSD token by client: %d\n", + conn->queue.bfd.fd); + bsc_nat_ussd_destroy(conn); } static void ussd_start_auth(struct bsc_nat_ussd_con *conn) |