diff options
| author | Neels Hofmeyr <neels@hofmeyr.de> | 2018-03-10 03:44:06 +0100 |
|---|---|---|
| committer | Neels Hofmeyr <neels@hofmeyr.de> | 2018-03-10 22:14:01 +0100 |
| commit | 25f69d56157a0d68d307728efc991bfbab09cff0 (patch) | |
| tree | 4a404971cfba6cac73faa0194f5fc439cd233bf9 | |
| parent | 8e0af0ba69cf03fb4743933bd84504388020a41b (diff) | |
gsm48_rx_mm_auth_resp(): pass is_r99 from classmark, not response size
Do not interpret the SRES/RES length returned in the auth response as the R99
capability bit, instead determine it from the actual Classmark information
associated with the conn.
This fixes the is_r99 flag passed in to vlr_subscr_rx_auth_resp(), which ends
up in the struct vlr_auth_resp_par dispatched to the auth_fi and influences the
authentication acceptance.
Though the effect of a wrongly-set-to-false R99 flag is not harmful in this
code path, let's not get this confused.
Change-Id: Ib7f7d89a8b9455d2c022d53d74328fa7488577f4
| -rw-r--r-- | src/libmsc/gsm_04_08.c | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c index ceef2d825..4564f8efa 100644 --- a/src/libmsc/gsm_04_08.c +++ b/src/libmsc/gsm_04_08.c @@ -952,7 +952,7 @@ static int gsm48_rx_mm_auth_resp(struct gsm_subscriber_connection *conn, struct uint8_t res[16]; uint8_t res_len; int rc; - bool is_r99; + bool is_umts; if (!conn->vsub) { LOGP(DMM, LOGL_ERROR, @@ -961,30 +961,28 @@ static int gsm48_rx_mm_auth_resp(struct gsm_subscriber_connection *conn, struct return -EINVAL; } - if (msgb_l3len(msg) > - sizeof(struct gsm48_hdr) + sizeof(struct gsm48_auth_resp)) { + is_umts = (msgb_l3len(msg) > sizeof(struct gsm48_hdr) + sizeof(struct gsm48_auth_resp)); + + if (is_umts) rc = parse_umts_auth_resp(res, &res_len, conn, msg); - is_r99 = true; - } else { + else rc = parse_gsm_auth_resp(res, &res_len, conn, msg); - is_r99 = false; - } if (rc) { LOGP(DMM, LOGL_ERROR, "%s: MM AUTHENTICATION RESPONSE: invalid: parsing %s AKA Auth Response" " failed with rc=%d; dispatching zero length SRES/RES to trigger failure\n", - vlr_subscr_name(conn->vsub), is_r99 ? "UMTS" : "GSM", rc); + vlr_subscr_name(conn->vsub), is_umts ? "UMTS" : "GSM", rc); memset(res, 0, sizeof(res)); res_len = 0; } DEBUGP(DMM, "%s: MM %s AUTHENTICATION RESPONSE (%s = %s)\n", vlr_subscr_name(conn->vsub), - is_r99 ? "R99" : "GSM", is_r99 ? "res" : "sres", + is_umts ? "R99" : "GSM", is_umts ? "res" : "sres", osmo_hexdump_nospc(res, res_len)); - return vlr_subscr_rx_auth_resp(conn->vsub, is_r99, + return vlr_subscr_rx_auth_resp(conn->vsub, classmark_is_r99(&conn->classmark), conn->via_ran == RAN_UTRAN_IU, res, res_len); } |