From 858736ae8e5f52253775dd1bf7704a44bb62b6cb Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Sun, 16 Oct 2011 20:16:56 +0200 Subject: GPRS: Allow MS Network Capability of up to 32 bytes TS 23.060 version 9.7.0 Release 9 section 6.14.2 states: To allow for the addition of future features, the SGSN shall store the UE Network Capability and the MS Network Capability even if either or both is larger than specified in TS 24.008 [13]/TS 24.301 [102], up to a maximum size of 32 octets for each IE. Thanks to Jonathan Santos for spotting this. --- openbsc/include/openbsc/gprs_sgsn.h | 9 ++++++++- openbsc/src/gprs/gprs_gmm.c | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/openbsc/include/openbsc/gprs_sgsn.h b/openbsc/include/openbsc/gprs_sgsn.h index 97a6b7d77..2c5cdd324 100644 --- a/openbsc/include/openbsc/gprs_sgsn.h +++ b/openbsc/include/openbsc/gprs_sgsn.h @@ -89,7 +89,14 @@ struct sgsn_mm_ctx { uint8_t len; } ms_radio_access_capa; struct { - uint8_t buf[4]; /* 10.5.5.12 */ + /* TS 23.060 version 9.7.0 Release 9 section 6.14.2 + * states: To allow for the addition of future features, + * the SGSN shall store the UE Network Capability and + * the MS Network Capability even if either or both is + * larger than specified in TS 24.008 [13]/TS 24.301 + * [102], up to a maximum size of 32 octets for each IE. + */ + uint8_t buf[32]; /* 10.5.5.12 */ uint8_t len; } ms_network_capa; uint16_t drx_parms; diff --git a/openbsc/src/gprs/gprs_gmm.c b/openbsc/src/gprs/gprs_gmm.c index 8a1dff5e1..2f1f99d0c 100644 --- a/openbsc/src/gprs/gprs_gmm.c +++ b/openbsc/src/gprs/gprs_gmm.c @@ -644,7 +644,7 @@ static int gsm48_rx_gmm_att_req(struct sgsn_mm_ctx *ctx, struct msgb *msg, /* MS network capability 10.5.5.12 */ msnc_len = *cur++; msnc = cur; - if (msnc_len > 8) + if (msnc_len > 32) goto err_inval; cur += msnc_len; -- cgit v1.2.3