From 2b544b257f3f855e50e27d4e599223862e282b53 Mon Sep 17 00:00:00 2001
From: Stefan Sperling
Date: Mon, 25 Jun 2018 12:20:43 +0200
Subject: check bssgp_tlv_parse() return code in bssgp_rcvmsg()
The return code from bssgp_tlv_parse() was not checked for a parsing error. In case of a parsing error the stored return code could have been overwritten later in this function. Explicitly check for a parsing error and log corresponding packets.
Change-Id: Id3d7c52ec3df2bcf4efcee0e0b14fe22ef96964e
Related: OS#3178
---
 src/gb/gprs_bssgp.c | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'src/gb')
diff --git a/src/gb/gprs_bssgp.c b/src/gb/gprs_bssgp.c
index d5d4ea8a..1445a56b 100644
--- a/src/gb/gprs_bssgp.c
+++ b/src/gb/gprs_bssgp.c
@@ -1049,6 +1049,11 @@ int bssgp_rcvmsg(struct msgb *msg)
 data_len = msgb_bssgp_len(msg) - sizeof(*budh);
 rc = bssgp_tlv_parse(&tp, budh->data, data_len);
 }
+ if (rc < 0) {
+ LOGP(DBSSGP, LOGL_ERROR, "Failed to parse BSSGP %s message. Invalid message was: %s\n",
+ bssgp_pdu_str(pdu_type), msgb_hexdump(msg));
+ return rc;
+ }
 if (bvci == BVCI_SIGNALLING && TLVP_PRESENT(&tp, BSSGP_IE_BVCI))
 bvci = tlvp_val16be(&tp, BSSGP_IE_BVCI);
--
cgit v1.2.3
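Review bot: The added error path writes the full `msgb_hexdump(msg)` of every unparsable PDU at `LOGL_ERROR`, so a peer that sends malformed BSSGP can drive log volume and, possibly, put payload bytes of the rejected PDU into the default log. Consider keeping the error line short and moving the dump to debug level: `LOGP(DBSSGP, LOGL_ERROR, "Failed to parse BSSGP %s message\n", bssgp_pdu_str(pdu_type));` followed by `LOGP(DBSSGP, LOGL_DEBUG, "Invalid message was: %s\n", msgb_hexdump(msg));`. Separately, the context line `data_len = msgb_bssgp_len(msg) - sizeof(*budh);` relies on the message being at least header-sized. That check, if it exists, is outside this hunk, as is the rest of bssgp_rcvmsg(), so it is worth confirming that a short PDU cannot reach the parser with a wrapped or negative length.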