diff options
author | Neels Hofmeyr <neels@hofmeyr.de> | 2018-03-10 03:32:18 +0100 |
---|---|---|
committer | Neels Hofmeyr <neels@hofmeyr.de> | 2018-03-10 22:12:13 +0100 |
commit | 8e0af0ba69cf03fb4743933bd84504388020a41b (patch) | |
tree | 31c2cf7528a0b8a84285dd2b5e2b8f810f82c3b6 /src/libmsc/gsm_04_08.c | |
parent | 7795a19ced9380f38c4e689742a3ae59a1fef453 (diff) |
vlr auth: gracefully reject malformed auth response
Instead of just closing down the conn hard, actually feed invalid auth response
data to vlr_subscr_rc_auth_resp() in order to trigger all the actions we want
to see with a failed authentication:
- a GSUP signal that the auth failed,
- a LU reject.
Verify this in new test_wrong_sres_length() in msc_vlr_test_gsm_authen.c.
Note that in gsm48_rx_mm_auth_resp(), the is_r99 flag is falsely derived from
the RES length, which upcoming commit Ib7f7d89a8b9455d2c022d53d74328fa7488577f4
will fix.
Change-Id: I4179a290069ac61d0662de4ec7ca3edb76988899
Diffstat (limited to 'src/libmsc/gsm_04_08.c')
-rw-r--r-- | src/libmsc/gsm_04_08.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c index f87a4c65a..ceef2d825 100644 --- a/src/libmsc/gsm_04_08.c +++ b/src/libmsc/gsm_04_08.c @@ -971,8 +971,12 @@ static int gsm48_rx_mm_auth_resp(struct gsm_subscriber_connection *conn, struct } if (rc) { - msc_subscr_conn_close(conn, GSM_CAUSE_AUTH_FAILED); - return -EINVAL; + LOGP(DMM, LOGL_ERROR, + "%s: MM AUTHENTICATION RESPONSE: invalid: parsing %s AKA Auth Response" + " failed with rc=%d; dispatching zero length SRES/RES to trigger failure\n", + vlr_subscr_name(conn->vsub), is_r99 ? "UMTS" : "GSM", rc); + memset(res, 0, sizeof(res)); + res_len = 0; } DEBUGP(DMM, "%s: MM %s AUTHENTICATION RESPONSE (%s = %s)\n", |