From 5718429ec99f185efe2e733463700b8997f66b61 Mon Sep 17 00:00:00 2001
From: Harald Welte
Date: Mon, 22 Jan 2018 01:49:02 +0100
Subject: MNCC: Add input validation

There appears to have been no input validation whatsoever on MNCC messages. Hence it was very easy for an external MNCC handler to crash OsmoMSC, such as in OS#2853

Change-Id: Idaf3b8e409c84564b1eb26d01a19c605f89b14f4
Closes: OS#2853
---
 src/libmsc/mncc_sock.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'src/libmsc/mncc_sock.c')
diff --git a/src/libmsc/mncc_sock.c b/src/libmsc/mncc_sock.c
index b6b1bc9d9..14613ca2c 100644
--- a/src/libmsc/mncc_sock.c
+++ b/src/libmsc/mncc_sock.c
@@ -123,8 +123,11 @@ static int mncc_sock_read(struct osmo_fd *bfd)
 return 0;
 goto close;
 }
+ msgb_put(msg, rc);
- rc = mncc_tx_to_cc(state->net, mncc_prim->msg_type, mncc_prim);
+ rc = mncc_prim_check(mncc_prim, rc);
+ if (rc == 0)
+ rc = mncc_tx_to_cc(state->net, mncc_prim->msg_type, mncc_prim);
 /* as we always synchronously process the message in mncc_send() and
 * its callbacks, we can free the message here. */
-- cgit v1.2.3
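Review bot: When `mncc_prim_check(mncc_prim, rc)` returns non-zero, the message is skipped without any trace at this call site, and `rc` (until then the byte count from the read) now carries the error code into the rest of `mncc_sock_read`, which continues outside the hunk. Because the peer is an external MNCC handler, a rejected primitive should be visible to an operator, and the policy (drop the message or close the socket) should be stated in the failure branch; if `mncc_prim_check` does not log on its own, which cannot be seen on this path-limited page, add a log line there. I would also put a comment above the check, `/* only rc bytes came from the peer: read no field of mncc_prim before this passes */`, so a later edit does not move a field access ahead of the validation.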