gbproxy/sgsn: Enforce termination when creating a P-TMSI/TLLI
Currently the number of iterations when creating a P-TMSI/TLLI is not limited. It is nevertheless very unlikely that the loop will not terminate. On the other hand, the number of iterations of every loop should have an upper bound (loop variant) which wouldn't be the case here if an arbitrary random generator was used. This patch limits the number of iterations to 23 and logs an error if the creation of the indentifier was aborted due to this limit. Sponsored-by: On-Waves ehf
This commit is contained in:
parent
e27ab916d6
commit
08fbeb8fa4
|
@ -226,6 +226,7 @@ uint32_t gbproxy_make_bss_ptmsi(struct gbproxy_peer *peer,
|
|||
uint32_t sgsn_ptmsi)
|
||||
{
|
||||
uint32_t bss_ptmsi;
|
||||
int max_retries = 23;
|
||||
if (!peer->cfg->patch_ptmsi) {
|
||||
bss_ptmsi = sgsn_ptmsi;
|
||||
} else {
|
||||
|
@ -235,9 +236,12 @@ uint32_t gbproxy_make_bss_ptmsi(struct gbproxy_peer *peer,
|
|||
|
||||
if (gbproxy_find_tlli_by_ptmsi(peer, bss_ptmsi))
|
||||
bss_ptmsi = GSM_RESERVED_TMSI;
|
||||
} while (bss_ptmsi == GSM_RESERVED_TMSI);
|
||||
} while (bss_ptmsi == GSM_RESERVED_TMSI && max_retries--);
|
||||
}
|
||||
|
||||
if (bss_ptmsi == GSM_RESERVED_TMSI)
|
||||
LOGP(DGPRS, LOGL_ERROR, "Failed to allocate a BSS P-TMSI\n");
|
||||
|
||||
return bss_ptmsi;
|
||||
}
|
||||
|
||||
|
@ -246,6 +250,7 @@ uint32_t gbproxy_make_sgsn_tlli(struct gbproxy_peer *peer,
|
|||
uint32_t bss_tlli)
|
||||
{
|
||||
uint32_t sgsn_tlli;
|
||||
int max_retries = 23;
|
||||
if (!peer->cfg->patch_ptmsi) {
|
||||
sgsn_tlli = bss_tlli;
|
||||
} else if (tlli_info->sgsn_tlli.ptmsi != GSM_RESERVED_TMSI) {
|
||||
|
@ -259,8 +264,12 @@ uint32_t gbproxy_make_sgsn_tlli(struct gbproxy_peer *peer,
|
|||
|
||||
if (gbproxy_find_tlli_by_any_sgsn_tlli(peer, sgsn_tlli))
|
||||
sgsn_tlli = 0;
|
||||
} while (!sgsn_tlli);
|
||||
} while (!sgsn_tlli && max_retries--);
|
||||
}
|
||||
|
||||
if (!sgsn_tlli)
|
||||
LOGP(DGPRS, LOGL_ERROR, "Failed to allocate an SGSN TLLI\n");
|
||||
|
||||
return sgsn_tlli;
|
||||
}
|
||||
|
||||
|
|
|
@ -359,15 +359,23 @@ uint32_t sgsn_alloc_ptmsi(void)
|
|||
{
|
||||
struct sgsn_mm_ctx *mm;
|
||||
uint32_t ptmsi;
|
||||
int max_retries = 23;
|
||||
|
||||
restart:
|
||||
ptmsi = rand() | 0xC0000000;
|
||||
llist_for_each_entry(mm, &sgsn_mm_ctxts, list) {
|
||||
if (mm->p_tmsi == ptmsi)
|
||||
if (mm->p_tmsi == ptmsi) {
|
||||
if (!max_retries--)
|
||||
goto failed;
|
||||
goto restart;
|
||||
}
|
||||
}
|
||||
|
||||
return ptmsi;
|
||||
|
||||
failed:
|
||||
LOGP(DGPRS, LOGL_ERROR, "Failed to allocate a P-TMSI\n");
|
||||
return GSM_RESERVED_TMSI;
|
||||
}
|
||||
|
||||
static void drop_one_pdp(struct sgsn_pdp_ctx *pdp)
|
||||
|
|
Loading…
Reference in New Issue