osmocom
/
libosmocore
mirror of https://gerrit.osmocom.org/libosmocore
11
0
Fork 1
Code Issues Releases Wiki Activity

ipa: Document ipa_ccm_idtag_parse_off and fix ipa_ccm_idtag_parse 

ipa_ccm_idtag_parse_off is broken, and can only be used with
len_offset=1 on ID Request messages, otherwise won't work correctly.
Modify ipa_ccm_idtag_parse to at least parse those correctly, and
document the limitations.

Those two functions are already deprecated and only used in openbsc by 3
callers:
* ipa_ccm_idtag_parse in ussd_read_cb(): Broken, that function can only
work for Requests and it's used to parse a Response.
* ipa_ccm_idtag_parse_off in forward_sccp_to_msc (NAT): Broken, it can
only be used to parse Requests and it's used to parse a Response.
Furthermore, len_offset=2 is passed which makes no sense and most
probably it fails always, or can even make the program crash.
* ipa_ccm_idtag_parse_off in (answer_challenge): This one is fine and
could actually be replaced with ipa_ccm_id_get_parse after this commit
is merged.

Change-Id: I6efc852dfc041192f554e41a58290a0f63298021
This commit is contained in:
Pau Espin 2019-03-27 17:33:17 +01:00
parent b9baf02c12
commit deeab473a0
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/gsm/ipa.c
View File

@ -98,11 +98,21 @@ const char *ipa_ccm_idtag_name(uint8_t tag)
return idtag_names[tag];
}
/*! Parse the payload part of an IPA CCM ID GET, return \ref tlv_parsed format. */
int ipa_ccm_idtag_parse(struct tlv_parsed *dec, unsigned char *buf, int len)
{
return ipa_ccm_idtag_parse_off(dec, buf, len, 0);
return ipa_ccm_idtag_parse_off(dec, buf, len, 1);
}
/*! Parse the payload part of an IPA CCM ID GET, return \ref tlv_parsed format.
* WARNING: This function can only parse correctly IPA CCM ID GET/REQUEST
* messages, and only when len_offset is passed value of 1.
* \param[out] dec Caller-provided/allocated output structure for parsed payload
* \param[in] buf Buffer containing the payload (excluding 1 byte msg_type) of the message
* \param[in] len Length of \a buf in octets
* \param[in] len_offset Offset from end of len field to start of value (ommiting tag). Must be 1!
* \returns 0 on success; negative on error
*/
int ipa_ccm_idtag_parse_off(struct tlv_parsed *dec, unsigned char *buf, int len, const int len_offset)
{
uint8_t t_len;