From patchwork Mon Mar 14 15:15:02 2016
X-Patchwork-Submitter: Neels Hofmeyr
X-Patchwork-Id: 597093
From: Neels Hofmeyr
To: openbsc@lists.osmocom.org
Subject: [PATCH] bsc_scan_msc_msg: check protocol discriminator
Date: Mon, 14 Mar 2016 16:15:02 +0100
Message-Id: <1457968502-16019-1-git-send-email-nhofmeyr@sysmocom.de>
List-Id: "Development of OpenBSC, OsmoBSC, OsmoNITB, OsmoCSCN"

The function assumed an MM protocol discriminator without verifying it.
---
 openbsc/src/osmo-bsc/osmo_bsc_filter.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/openbsc/src/osmo-bsc/osmo_bsc_filter.c b/openbsc/src/osmo-bsc/osmo_bsc_filter.c index a71871f..14e0b71 100644 --- a/openbsc/src/osmo-bsc/osmo_bsc_filter.c +++ b/openbsc/src/osmo-bsc/osmo_bsc_filter.c @@ -336,6 +336,7 @@ int bsc_scan_msc_msg(struct gsm_subscriber_connection *conn, struct msgb *msg) struct gsm_network *net; struct gsm48_loc_area_id *lai; struct gsm48_hdr *gh; + uint8_t pdisc; uint8_t mtype; int length = msgb_l3len(msg); @@ -347,6 +348,10 @@ int bsc_scan_msc_msg(struct gsm_subscriber_connection *conn, struct msgb *msg) gh = (struct gsm48_hdr *) msgb_l3(msg); length -= (const char *)&gh->data[0] - (const char *)gh; + pdisc = gsm48_hdr_pdisc(gh); + if (pdisc != GSM48_PDISC_MM) + return 0; + mtype = gsm48_hdr_msg_type(gh); net = conn->bts->network; msc = conn->sccp_con->msc;
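
Review bot: in the first hunk (declarations at -336), the new "uint8_t pdisc;" local is only read once, in the comparison added by the second hunk. Testing "gsm48_hdr_pdisc(gh) != GSM48_PDISC_MM" directly in the condition would avoid the extra declaration, unless the value is meant to be logged or reused later in the function.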
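
Review bot: in the second hunk (at -347), the early "return 0" for a non-MM discriminator is silent and undocumented. A one-line comment stating what 0 means to the caller for messages this function does not scan, and possibly a debug log of the unexpected pdisc value, would make the intent clear. Also, pdisc and mtype are both read through gh right after "length" is adjusted, and no bounds check is visible in this hunk, so please confirm that the L3 length is validated against the header size above these lines before the header fields are dereferenced.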