bsc_scan_msc_msg: check protocol discriminator
diff mbox

Message ID 1457968502-16019-1-git-send-email-nhofmeyr@sysmocom.de
State New
Headers show

Commit Message

Neels Hofmeyr March 14, 2016, 3:15 p.m. UTC
The function assumed an MM protocol discriminator without verifying it.
---
 openbsc/src/osmo-bsc/osmo_bsc_filter.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Holger Freyther March 14, 2016, 5 p.m. UTC | #1
> On 14 Mar 2016, at 16:15, Neels Hofmeyr <nhofmeyr@sysmocom.de> wrote:
> 
> The function assumed an MM protocol discriminator without verifying it.

test?

Patch
diff mbox

diff --git a/openbsc/src/osmo-bsc/osmo_bsc_filter.c b/openbsc/src/osmo-bsc/osmo_bsc_filter.c
index a71871f..14e0b71 100644
--- a/openbsc/src/osmo-bsc/osmo_bsc_filter.c
+++ b/openbsc/src/osmo-bsc/osmo_bsc_filter.c
@@ -336,6 +336,7 @@  int bsc_scan_msc_msg(struct gsm_subscriber_connection *conn, struct msgb *msg)
 	struct gsm_network *net;
 	struct gsm48_loc_area_id *lai;
 	struct gsm48_hdr *gh;
+	uint8_t pdisc;
 	uint8_t mtype;
 	int length = msgb_l3len(msg);
 
@@ -347,6 +348,10 @@  int bsc_scan_msc_msg(struct gsm_subscriber_connection *conn, struct msgb *msg)
 	gh = (struct gsm48_hdr *) msgb_l3(msg);
 	length -= (const char *)&gh->data[0] - (const char *)gh;
 
+	pdisc = gsm48_hdr_pdisc(gh);
+	if (pdisc != GSM48_PDISC_MM)
+		return 0;
+
 	mtype = gsm48_hdr_msg_type(gh);
 	net = conn->bts->network;
 	msc = conn->sccp_con->msc;