gsm48_rx_mm_auth_resp(): pass is_r99 from classmark, not response size

Do not interpret the SRES/RES length returned in the auth response as the R99
capability bit, instead determine it from the actual Classmark information
associated with the conn.

This fixes the is_r99 flag passed in to vlr_subscr_rx_auth_resp(), which ends
up in the struct vlr_auth_resp_par dispatched to the auth_fi and influences the
authentication acceptance.

Though the effect of a wrongly-set-to-false R99 flag is not harmful in this
code path, let's not get this confused.

Change-Id: Ib7f7d89a8b9455d2c022d53d74328fa7488577f4
Neels Hofmeyr 2018-03-10 03:44:06 +01:00
parent 8e0af0ba69
commit 25f69d5615
1 changed files with 8 additions and 10 deletions


@ -952,7 +952,7 @@ static int gsm48_rx_mm_auth_resp(struct gsm_subscriber_connection *conn, struct
uint8_t res[16];
uint8_t res_len;
int rc;
bool is_r99;
bool is_umts;
if (!conn->vsub) {
LOGP(DMM, LOGL_ERROR,
@ -961,30 +961,28 @@ static int gsm48_rx_mm_auth_resp(struct gsm_subscriber_connection *conn, struct
return -EINVAL;
}
if (msgb_l3len(msg) >
sizeof(struct gsm48_hdr) + sizeof(struct gsm48_auth_resp)) {
is_umts = (msgb_l3len(msg) > sizeof(struct gsm48_hdr) + sizeof(struct gsm48_auth_resp));
if (is_umts)
rc = parse_umts_auth_resp(res, &res_len, conn, msg);
is_r99 = true;
} else {
else
rc = parse_gsm_auth_resp(res, &res_len, conn, msg);
is_r99 = false;
}
if (rc) {
LOGP(DMM, LOGL_ERROR,
"%s: MM AUTHENTICATION RESPONSE: invalid: parsing %s AKA Auth Response"
" failed with rc=%d; dispatching zero length SRES/RES to trigger failure\n",
vlr_subscr_name(conn->vsub), is_r99 ? "UMTS" : "GSM", rc);
vlr_subscr_name(conn->vsub), is_umts ? "UMTS" : "GSM", rc);
memset(res, 0, sizeof(res));
res_len = 0;
}
DEBUGP(DMM, "%s: MM %s AUTHENTICATION RESPONSE (%s = %s)\n",
vlr_subscr_name(conn->vsub),
is_r99 ? "R99" : "GSM", is_r99 ? "res" : "sres",
is_umts ? "R99" : "GSM", is_umts ? "res" : "sres",
osmo_hexdump_nospc(res, res_len));
return vlr_subscr_rx_auth_resp(conn->vsub, is_r99,
return vlr_subscr_rx_auth_resp(conn->vsub, classmark_is_r99(&conn->classmark),
conn->via_ran == RAN_UTRAN_IU,
res, res_len);
}
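Review bot: The R99 flag in the final `vlr_subscr_rx_auth_resp()` call now comes from `classmark_is_r99(&conn->classmark)`, which is information the MS supplied before it was authenticated, while `is_umts` is still derived from the message length, so the two can disagree (R99 classmark with a 4-byte SRES, or a non-R99 classmark with a longer RES). Since the commit message says this flag influences authentication acceptance, the call deserves a comment stating which combinations are expected and that a mismatch is left to the VLR auth FSM to reject; how that FSM treats a mismatch, and what `classmark_is_r99()` returns when no classmark has been stored for the conn yet, is not visible in this hunk and should be confirmed. A cheap aid for detection would be a notice-level log line when `is_umts != classmark_is_r99(&conn->classmark)`. Separately, the DEBUGP still prints `is_umts ? "R99" : "GSM"`, which keeps the very R99/UMTS conflation this commit sets out to remove; `is_umts ? "UMTS AKA" : "GSM"` would match the error message above it.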