vlr auth: gracefully reject malformed auth response

Instead of just closing down the conn hard, actually feed invalid auth response data to vlr_subscr_rc_auth_resp() in order to trigger all the actions we want to see with a failed authentication: - a GSUP signal that the auth failed, - a LU reject. Verify this in new test_wrong_sres_length() in msc_vlr_test_gsm_authen.c. Note that in gsm48_rx_mm_auth_resp(), the is_r99 flag is falsely derived from the RES length, which upcoming commit Ib7f7d89a8b9455d2c022d53d74328fa7488577f4 will fix. Change-Id: I4179a290069ac61d0662de4ec7ca3edb76988899
author: Neels Hofmeyr <neels@hofmeyr.de> 2018-03-10 03:32:18 +0100
committer: Neels Hofmeyr <neels@hofmeyr.de> 2018-03-10 22:12:13 +0100
commit: 8e0af0ba69cf03fb4743933bd84504388020a41b (patch)
tree: 31c2cf7528a0b8a84285dd2b5e2b8f810f82c3b6 /src/libmsc/gsm_04_08.c
parent: 7795a19ced9380f38c4e689742a3ae59a1fef453 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c
index f87a4c65a..ceef2d825 100644
--- a/src/libmsc/gsm_04_08.c
+++ b/src/libmsc/gsm_04_08.c
@@ -971,8 +971,12 @@ static int gsm48_rx_mm_auth_resp(struct gsm_subscriber_connection *conn, struct
 	}
 
 	if (rc) {
-		msc_subscr_conn_close(conn, GSM_CAUSE_AUTH_FAILED);
-		return -EINVAL;
+		LOGP(DMM, LOGL_ERROR,
+		     "%s: MM AUTHENTICATION RESPONSE: invalid: parsing %s AKA Auth Response"
+		     " failed with rc=%d; dispatching zero length SRES/RES to trigger failure\n",
+		     vlr_subscr_name(conn->vsub), is_r99 ? "UMTS" : "GSM", rc);
+		memset(res, 0, sizeof(res));
+		res_len = 0;
 	}
 
 	DEBUGP(DMM, "%s: MM %s AUTHENTICATION RESPONSE (%s = %s)\n",
author	Neels Hofmeyr <neels@hofmeyr.de>	2018-03-10 03:32:18 +0100
committer	Neels Hofmeyr <neels@hofmeyr.de>	2018-03-10 22:12:13 +0100
commit	8e0af0ba69cf03fb4743933bd84504388020a41b (patch)
tree	31c2cf7528a0b8a84285dd2b5e2b8f810f82c3b6 /src/libmsc/gsm_04_08.c
parent	7795a19ced9380f38c4e689742a3ae59a1fef453 (diff)