diff options
author | Pablo Neira Ayuso <pablo@gnumonks.org> | 2011-04-11 16:32:50 +0200 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2011-04-12 21:50:46 +0200 |
commit | ca05d432d71cd940e6da9af1930096aaab47f897 (patch) | |
tree | 94877c0c490939ebf71f390e98b7933ec22d046c /openbsc/src/osmo-bsc_nat | |
parent | 0d20b635749dea8f056245f283ce571e65d8c2c7 (diff) |
src: more robust ipaccess_idtag_parse()
Now ipaccess_idtag_parse() returns -EINVAL instead of -1. We also
check for the return value of this function in every invocation to
skip further processing in case of messages with malformed TLVs.
This idea was suggested by Zecke.
Diffstat (limited to 'openbsc/src/osmo-bsc_nat')
-rw-r--r-- | openbsc/src/osmo-bsc_nat/bsc_nat.c | 8 | ||||
-rw-r--r-- | openbsc/src/osmo-bsc_nat/bsc_ussd.c | 8 |
2 files changed, 14 insertions, 2 deletions
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c index 75862941a..8c164a270 100644 --- a/openbsc/src/osmo-bsc_nat/bsc_nat.c +++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c @@ -1019,9 +1019,15 @@ exit: /* do we know who is handling this? */ if (msg->l2h[0] == IPAC_MSGT_ID_RESP) { struct tlv_parsed tvp; - ipaccess_idtag_parse(&tvp, + int ret; + ret = ipaccess_idtag_parse(&tvp, (unsigned char *) msg->l2h + 2, msgb_l2len(msg) - 2); + if (ret < 0) { + LOGP(DNAT, LOGL_ERROR, "ignoring IPA response " + "message with malformed TLVs\n"); + return ret; + } if (TLVP_PRESENT(&tvp, IPAC_IDTAG_UNITNAME)) ipaccess_auth_bsc(&tvp, bsc); } diff --git a/openbsc/src/osmo-bsc_nat/bsc_ussd.c b/openbsc/src/osmo-bsc_nat/bsc_ussd.c index af123407a..fd38f7800 100644 --- a/openbsc/src/osmo-bsc_nat/bsc_ussd.c +++ b/openbsc/src/osmo-bsc_nat/bsc_ussd.c @@ -123,9 +123,15 @@ static int ussd_read_cb(struct bsc_fd *bfd) if (hh->proto == IPAC_PROTO_IPACCESS) { if (msg->l2h[0] == IPAC_MSGT_ID_RESP) { struct tlv_parsed tvp; - ipaccess_idtag_parse(&tvp, + int ret; + ret = ipaccess_idtag_parse(&tvp, (unsigned char *) msg->l2h + 2, msgb_l2len(msg) - 2); + if (ret < 0) { + LOGP(DNAT, LOGL_ERROR, "ignoring IPA response " + "message with malformed TLVs\n"); + return ret; + } if (TLVP_PRESENT(&tvp, IPAC_IDTAG_UNITNAME)) ussd_auth_con(&tvp, conn); } |