diff options
Diffstat (limited to 'openbsc')
-rw-r--r-- | openbsc/include/openbsc/gprs_sgsn.h | 9 | ||||
-rw-r--r-- | openbsc/src/gprs/gprs_gmm.c | 2 |
2 files changed, 9 insertions, 2 deletions
diff --git a/openbsc/include/openbsc/gprs_sgsn.h b/openbsc/include/openbsc/gprs_sgsn.h index 97a6b7d77..2c5cdd324 100644 --- a/openbsc/include/openbsc/gprs_sgsn.h +++ b/openbsc/include/openbsc/gprs_sgsn.h @@ -89,7 +89,14 @@ struct sgsn_mm_ctx { uint8_t len; } ms_radio_access_capa; struct { - uint8_t buf[4]; /* 10.5.5.12 */ + /* TS 23.060 version 9.7.0 Release 9 section 6.14.2 + * states: To allow for the addition of future features, + * the SGSN shall store the UE Network Capability and + * the MS Network Capability even if either or both is + * larger than specified in TS 24.008 [13]/TS 24.301 + * [102], up to a maximum size of 32 octets for each IE. + */ + uint8_t buf[32]; /* 10.5.5.12 */ uint8_t len; } ms_network_capa; uint16_t drx_parms; diff --git a/openbsc/src/gprs/gprs_gmm.c b/openbsc/src/gprs/gprs_gmm.c index 8a1dff5e1..2f1f99d0c 100644 --- a/openbsc/src/gprs/gprs_gmm.c +++ b/openbsc/src/gprs/gprs_gmm.c @@ -644,7 +644,7 @@ static int gsm48_rx_gmm_att_req(struct sgsn_mm_ctx *ctx, struct msgb *msg, /* MS network capability 10.5.5.12 */ msnc_len = *cur++; msnc = cur; - if (msnc_len > 8) + if (msnc_len > 32) goto err_inval; cur += msnc_len; |