pespin gerrit-no-reply at lists.osmocom.orgpespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-ggsn/+/17764 ) Change subject: sgsnemu: Pass array of in64_addr to in46a_from_eua() ...................................................................... sgsnemu: Pass array of in64_addr to in46a_from_eua() Let's avoid buffer-overflow writing into out-of-bounds memory in the event the GGSN sends us 2 EUAs in Create PDP Context Respose. It should theoretically happen since we don't yet support ipv4v6 APNs in sgsnemu, but who knows. Change-Id: I8becd90ce1f0e8bb6e21438c04da4a9cab845492 --- M sgsnemu/sgsnemu.c 1 file changed, 34 insertions(+), 30 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/64/17764/1 diff --git a/sgsnemu/sgsnemu.c b/sgsnemu/sgsnemu.c index 01bdf9b..679f3c2 100644 --- a/sgsnemu/sgsnemu.c +++ b/sgsnemu/sgsnemu.c @@ -1409,8 +1409,8 @@ static int create_pdp_conf(struct pdp_t *pdp, void *cbp, int cause) { - int rc; - struct in46_addr addr; + int rc, i, num_addr; + struct in46_addr addr[2]; #if defined(__linux__) sigset_t oldmask; #endif @@ -1442,7 +1442,7 @@ return EOF; /* Not what we expected */ } - if (in46a_from_eua(&pdp->eua, &addr) < 1) { + if ((num_addr = in46a_from_eua(&pdp->eua, addr)) < 1) { printf ("Received create PDP context response. Cause value: %d\n", cause); 
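Review bot: `struct in46_addr addr[2];` in the first hunk removes the overflow only as long as in46a_from_eua() never writes more than two entries, because the call in the second hunk passes no capacity and the returned count is never compared with the array size. I would state the bound at the declaration, e.g. `/* in46a_from_eua() may fill up to 2 entries (IPv4v6 EUA) */`, and reject an unexpected count right after the call with `if (num_addr > (int)(sizeof(addr) / sizeof(addr[0]))) return EOF;` so the later loop can never index past the array. A check after the call cannot undo an overrun, so the real guarantee has to come from the callee's contract, which is not visible on this page. As a style point, the assignment inside the `if` condition would read more clearly as a separate statement before the test. create_pdp_conf() starts before and continues after both hunks.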
@@ -1452,20 +1452,7 @@ return EOF; /* Not a valid IP address */ } - printf("Received create PDP context response. IP address: %s\n", - in46a_ntoa(&addr)); - - switch (addr.len) { - case 16: /* IPv6 */ - /* we have to enable the kernel to perform stateless autoconfiguration, - * i.e. send a router solicitation using the lover 64bits of the allocated - * EUA as interface identifier, as per 3GPP TS 29.061 Section 11.2.1.3.2 */ - memcpy(addr.v6.s6_addr, ll_prefix, sizeof(ll_prefix)); - printf("Derived IPv6 link-local address: %s\n", in46a_ntoa(&addr)); - break; - case 4: /* IPv4 */ - break; - } + printf("Received create PDP context response.\n"); #if defined(__linux__) if ((options.createif) && (options.netns)) { 
@@ -1477,19 +1464,37 @@ } #endif - if ((options.createif) && (!options.net.len)) { - size_t prefixlen = 32; - if (addr.len == 16) - prefixlen = 64; - /* printf("Setting up interface and routing\n"); */ - tun_addaddr(tun, &addr, &addr, prefixlen); - if (options.defaultroute) { - struct in_addr rm; - rm.s_addr = 0; - netdev_addroute(&rm, &addr.v4, &rm); + for (i = 0; i < num_addr; i++) { + printf("PDP ctx: received EUA with IP address: %s\n", in46a_ntoa(&addr[i])); + + switch (addr[i].len) { + case 16: /* IPv6 */ + /* we have to enable the kernel to perform stateless autoconfiguration, + * i.e. send a router solicitation using the lover 64bits of the allocated + * EUA as interface identifier, as per 3GPP TS 29.061 Section 11.2.1.3.2 */ + memcpy(addr[i].v6.s6_addr, ll_prefix, sizeof(ll_prefix)); + printf("Derived IPv6 link-local address: %s\n", in46a_ntoa(&addr[i])); + break; + case 4: /* IPv4 */ + break; } - if (options.ipup) - tun_runscript(tun, options.ipup); + + if ((options.createif) && (!options.net.len)) { + size_t prefixlen = 32; + if (addr[i].len == 16) + prefixlen = 64; + /* printf("Setting up interface and routing\n"); */ + tun_addaddr(tun, &addr[i], &addr[i], prefixlen); + if (options.defaultroute) { + struct in_addr rm; + rm.s_addr = 0; + netdev_addroute(&rm, &addr[i].v4, &rm); + } + if (options.ipup) + tun_runscript(tun, options.ipup); + } + + ipset(iph, &addr[i]); } /* now that ip-up has been executed, check if we are configured to 
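Review bot: Inside the new loop, `netdev_addroute(&rm, &addr[i].v4, &rm)` runs for every entry, including those with `addr[i].len == 16`, where `.v4` presumably aliases the first bytes of the IPv6 address that was just overwritten with `ll_prefix`. The old code had the same call, but the loop now repeats it per address; guarding it as `if (options.defaultroute && addr[i].len == 4) {` would keep an IPv6 entry from installing an IPv4 default route built from prefix bytes, unless IPv6 routing is meant to go through this path. `tun_runscript(tun, options.ipup)` is now also executed once per address, so a response carrying two EUAs would run the ip-up script twice; moving that call after the loop would keep the previous once-per-context behaviour. The results of `tun_addaddr()` and `netdev_addroute()` are not checked before `ipset(iph, &addr[i])`, and the enclosing function extends beyond this hunk on both sides.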
@@ -1526,7 +1531,6 @@ } #endif - ipset(iph, &addr); state = 2; /* Connected */ -- To view, visit https://gerrit.osmocom.org/c/osmo-ggsn/+/17764 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Change-Id: I8becd90ce1f0e8bb6e21438c04da4a9cab845492 Gerrit-Change-Number: 17764 Gerrit-PatchSet: 1 Gerrit-Owner: pespin <pespin at sysmocom.de> Gerrit-MessageType: newchange -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20200409/fd2feb2e/attachment.htm>