author | Stefan Sperling <ssperling@sysmocom.de> | 2018-06-25 12:17:39 +0200 |
---|---|---|
committer | Stefan Sperling <ssperling@sysmocom.de> | 2018-06-25 13:02:06 +0200 |
commit | 3df1532e97c5c774a4abefffc2d62b8cc2d468da (patch) | |
tree | 04965cd32696138abaef711b1ee8210c340390f2 | |
parent | e176a4d047f1bc55707d2d01a95481cac458c446 (diff) |
check bssgp_tlv_parse() return code in gprs_bssgp_pcu_rcvmsg()
The return code from bssgp_tlv_parse() was not checked for a parsing
error. In case of a parsing error the stored return code could have
been overwritten later in this function.
Explicitly check for a parsing error, log corresponding packets,
and return an "invalid mandatory information" error status to
the sender. To avoid loops, do not respond with an error status
to STATUS PDUs.
Change-Id: I56e10a97cda7fd2d40bc7b4b2e6202f97772e1b3
Related: OS#3178
-rw-r--r-- | src/gprs_bssgp_pcu.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/gprs_bssgp_pcu.cpp b/src/gprs_bssgp_pcu.cpp
index 1524fb3e..100e33d2 100644
--- a/src/gprs_bssgp_pcu.cpp
+++ b/src/gprs_bssgp_pcu.cpp
@@ -388,6 +388,13 @@ static int gprs_bssgp_pcu_rcvmsg(struct msgb *msg)
 data_len = msgb_bssgp_len(msg) - sizeof(*budh);
 rc = bssgp_tlv_parse(&tp, budh->data, data_len);
 }
+ if (rc < 0) {
+ LOGP(DBSSGP, LOGL_ERROR, "Failed to parse BSSGP %s message. Invalid message was: %s\n",
+ bssgp_pdu_str(pdu_type), msgb_hexdump(msg));
+ if (pdu_type != BSSGP_PDUT_STATUS)
+ return bssgp_tx_status(BSSGP_CAUSE_INV_MAND_INF, NULL, msg);
+ return rc;
+ }
 if (pdu_type == BSSGP_PDUT_BVC_RESET) {
 rc = bssgp_rcvmsg(msg); |
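Review bot: The new `rc < 0` branch only catches what bssgp_tlv_parse() itself rejects; the context line `data_len = msgb_bssgp_len(msg) - sizeof(*budh);` directly above it still subtracts the header size with no visible check that the message is at least that long. The function starts outside this hunk and the type of data_len is not shown, so an earlier guard may exist; if it does not, a truncated PDU produces a negative or wrapped length that is passed to the parser before this error path can run. A check such as `if (msgb_bssgp_len(msg) < sizeof(*budh))` ahead of the subtraction, rejecting the message, would close that gap, and the other branch of the enclosing if/else probably needs the same for its header. Separately, the added LOGP hexdumps the entire peer-supplied message at LOGL_ERROR on every parse failure, so a peer sending malformed PDUs controls log volume and any payload bytes end up in the log; a rate limit or a lower log level for the dump would limit that.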