pespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-iuh/+/34963?usp=email )
Change subject: ranap_transp_layer_addr_decode2(): Fix decoding X.213 IPv4 address len=7
ranap_transp_layer_addr_decode2(): Fix decoding X.213 IPv4 address len=7
It was found in the field that some peers send an X.213 IP address consisting of 7 bytes (1 byte IDP/AFI, 2 byte ICP, 4 byte IPv4 address) instead of 20 bytes.
Related: SYS#6623
Change-Id: I507fb1605d976bd8573162e4fa81721245330184
---
M src/iu_helpers.c
1 file changed, 21 insertions(+), 4 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-iuh refs/changes/63/34963/1
diff --git a/src/iu_helpers.c b/src/iu_helpers.c index 718c30a..04f6904 100644 --- a/src/iu_helpers.c +++ b/src/iu_helpers.c @@ -140,14 +140,17 @@
memset(addr, 0, sizeof(*addr));
- if (len == 20 && buf[0] == 0x35) { - /* For an X.213 NSAP encoded address we expect a buffer of exactly 20 bytes (3 bytes IDP + 17 bytes - * DSP). we also expect AFI = 0x35, which means that two byte IDI and an IP address follows. (see also - * comments in function ranap_new_transp_layer_addr below) */ + if ((len == 7 || len == 20) && buf[0] == 0x35) { + /* For an X.213 NSAP encoded address we expect: + * 3 bytes IDP (first byte AFI = 0x35, which means that two byte IDI and an IP address follows) + * Either 4 or 17 bytes of DSP containing the IP address. + * (see also comments in function ranap_new_transp_layer_addr below) */ x213_nsap = true; icp = osmo_load16be(&buf[1]); switch (icp) { case 0x0000: + if (len != 20) + return -EINVAL; addr->u.sa.sa_family = AF_INET6; memcpy(addr->u.sin6.sin6_addr.s6_addr, buf + 3, sizeof(addr->u.sin6.sin6_addr.s6_addr)); break;
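Review bot: The rewritten comment above `x213_nsap = true;` says the DSP is "Either 4 or 17 bytes" but does not say that the short form is accepted for IPv4 only, which is what the `if (len != 20) return -EINVAL;` added under `case 0x0000:` enforces before the 16-byte `memcpy` from `buf + 3`. Please state that restriction in the comment so the length check and the documentation agree. The comment also calls the two bytes after the AFI an IDI, while the variable and the commit message call them ICP; using one term throughout would avoid confusion. The diffstat lists only src/iu_helpers.c, so a unit test that decodes a 7-byte IPv4 buffer and checks that a 7-byte buffer with ICP 0x0000 returns -EINVAL would be worth adding alongside this change.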