cellular-infrastructure
/
osmo-msc
mirror of https://gerrit.osmocom.org/osmo-msc
9
0
Fork 0
Code Issues Releases Wiki Activity

gbproxy/sgsn: Enforce termination when creating a P-TMSI/TLLI 

Currently the number of iterations when creating a P-TMSI/TLLI is not
limited. It is nevertheless very unlikely that the loop will not
terminate. On the other hand, the number of iterations of every loop
should have an upper bound (loop variant) which wouldn't be the case
here if an arbitrary random generator was used.

This patch limits the number of iterations to 23 and logs an error if
the creation of the indentifier was aborted due to this limit.

Sponsored-by: On-Waves ehf
This commit is contained in:
Jacob Erlbeck 2014-09-19 09:28:42 +02:00 committed by Holger Hans Peter Freyther
parent e27ab916d6
commit 08fbeb8fa4
2 changed files with 20 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
openbsc/src/gprs/gb_proxy.c
View File

@ -226,6 +226,7 @@ uint32_t gbproxy_make_bss_ptmsi(struct gbproxy_peer *peer,
uint32_t sgsn_ptmsi)
{
uint32_t bss_ptmsi;
int max_retries = 23;
if (!peer->cfg->patch_ptmsi) {
bss_ptmsi = sgsn_ptmsi;
} else {
@ -235,9 +236,12 @@ uint32_t gbproxy_make_bss_ptmsi(struct gbproxy_peer *peer,
if (gbproxy_find_tlli_by_ptmsi(peer, bss_ptmsi))
bss_ptmsi = GSM_RESERVED_TMSI;
} while (bss_ptmsi == GSM_RESERVED_TMSI);
} while (bss_ptmsi == GSM_RESERVED_TMSI && max_retries--);
}
if (bss_ptmsi == GSM_RESERVED_TMSI)
LOGP(DGPRS, LOGL_ERROR, "Failed to allocate a BSS P-TMSI\n");
return bss_ptmsi;
}
@ -246,6 +250,7 @@ uint32_t gbproxy_make_sgsn_tlli(struct gbproxy_peer *peer,
uint32_t bss_tlli)
{
uint32_t sgsn_tlli;
int max_retries = 23;
if (!peer->cfg->patch_ptmsi) {
sgsn_tlli = bss_tlli;
} else if (tlli_info->sgsn_tlli.ptmsi != GSM_RESERVED_TMSI) {
@ -259,8 +264,12 @@ uint32_t gbproxy_make_sgsn_tlli(struct gbproxy_peer *peer,
if (gbproxy_find_tlli_by_any_sgsn_tlli(peer, sgsn_tlli))
sgsn_tlli = 0;
} while (!sgsn_tlli);
} while (!sgsn_tlli && max_retries--);
}
if (!sgsn_tlli)
LOGP(DGPRS, LOGL_ERROR, "Failed to allocate an SGSN TLLI\n");
return sgsn_tlli;
}

10
openbsc/src/gprs/gprs_sgsn.c
View File

@ -359,15 +359,23 @@ uint32_t sgsn_alloc_ptmsi(void)
{
struct sgsn_mm_ctx *mm;
uint32_t ptmsi;
int max_retries = 23;
restart:
ptmsi = rand() | 0xC0000000;
llist_for_each_entry(mm, &sgsn_mm_ctxts, list) {
if (mm->p_tmsi == ptmsi)
if (mm->p_tmsi == ptmsi) {
if (!max_retries--)
goto failed;
goto restart;
}
}
return ptmsi;
failed:
LOGP(DGPRS, LOGL_ERROR, "Failed to allocate a P-TMSI\n");
return GSM_RESERVED_TMSI;
}
static void drop_one_pdp(struct sgsn_pdp_ctx *pdp)