lynxis lazus has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-sgsn/+/38940?usp=email )
Change subject: gmm: Fix reject small size RAU request ......................................................................
gmm: Fix reject small size RAU request
A RAU Request can actually be 14 bytes long:

"""
GSM A-I/F DTAP - Routing Area Update Request
    Protocol Discriminator: GPRS mobility management messages (8)
        .... 1000 = Protocol discriminator: GPRS mobility management messages (0x8)
        0000 .... = Skip Indicator: No indication of selected PLMN (0)
    DTAP GPRS Mobility Management Message Type: Routing Area Update Request (0x08)
    Update Type
        .... 0... = Follow-on request pending: False
        .... .000 = Update type: RA updating (0)
    Ciphering Key Sequence Number
        0... .... = Spare bit(s): 0
        .111 .... = key sequence: No key is available (MS to network) (7)
    Routing Area Identification - Old routing area identification - RAI: 262-42-13135-0
        Routing area identification: 262-42-13135-0
            Mobile Country Code (MCC): Germany (262)
            Mobile Network Code (MNC): Vodafone GmbH (42)
            Location Area Code (LAC): 0x334f (13135)
            Routing Area Code (RAC): 0x00 (0)
    MS Radio Access Capability
        Length: 4
        MS RA capability 1
            0001 .... = Access Technology Type: GSM E --note that GSM E covers GSM P (1)
            .... 0001 111. .... = Length in bits: 0x0f (15)
            ...0 01.. RF Power Capability, GMSK Power Class: Not specified (1)
            A5 Bits: Same values apply for parameters as in the immediately preceding Access capabilities field within this IE (0)
            .... ...1 = Controlled early Classmark Sending: Implemented
            0... .... = Pseudo Synchronisation: Not Present
            .0.. .... = Voice Group Call Service: no VGCS capability or no notifications wanted
            ..0. .... = Voice Broadcast Service: no VBS capability or no notifications wanted
            ...1 .... = Multislot capability struct: Present
                HSCSD multislot class: Bits are not available (0)
                GPRS multislot class: Bits are not available (0)
                SMS_VALUE (Switch-Measure-Switch): Bits are not available (0)
                ECSD multislot class: Bits are not available (0)
                EGPRS multislot class: Bits are not available (0)
                DTM GPRS Multi Slot Class: Bits are not available (0)
"""

Change-Id: I49210a04b16e6e2fc9d799b99c2fa415f28ddbba
Change-Id: I7fbe0ecbc6bb0797188af0d73fff0052bcc32e39
---
M src/sgsn/gprs_gmm_util.c
1 file changed, 3 insertions(+), 2 deletions(-)
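To make the 14-octet layout from the dissection above concrete, here is an added example (not osmo-sgsn code, and not part of this change) that hand-encodes that RAU Request and parses it with both a minimum-length check and a bound on the RA cap length octet. The byte values are an assumption derived from the dissection, not a capture from the page; the struct and function names are hypothetical and do not correspond to osmo-sgsn's gprs_gmm_ra_upd_req or its parser.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample (assumption): the 14-octet Routing Area Update Request
 * from the commit message's Wireshark dissection, re-encoded by hand. */
static const uint8_t SAMPLE_RAU_REQ[] = {
	0x08,                   /* skip indicator 0, PD 8 (GMM) */
	0x08,                   /* message type 0x08: Routing Area Update Request */
	0x70,                   /* CKSN 7 (no key), follow-on 0, update type 0 */
	0x62, 0xf2, 0x24,       /* old RAI: MCC 262, MNC 42 (2-digit, 0xf filler) */
	0x33, 0x4f,             /* LAC 0x334f */
	0x00,                   /* RAC 0 */
	0x04,                   /* MS Radio Access Capability: length 4 */
	0x11, 0xe5, 0x10, 0x00, /* GSM E, 15 capability bits, padding */
};

/* Constructed: same message, but the RA cap length octet claims 16 octets
 * that are not present, to exercise the bounds check. */
static const uint8_t OVERSIZE_CLAIM_RAU_REQ[] = {
	0x08, 0x08, 0x70, 0x62, 0xf2, 0x24, 0x33, 0x4f, 0x00,
	0x10,
	0x11, 0xe5, 0x10, 0x00,
};

#define RAU_FIXED_LEN 9                   /* PD/skip, type, CKSN/update, old RAI */
#define RAU_MIN_LEN   (RAU_FIXED_LEN + 1) /* plus the RA cap length octet */

struct rau_req {
	uint8_t pd, msg_type, cksn, follow_on, update_type;
	uint16_t mcc, mnc, lac;
	uint8_t rac;
	const uint8_t *ra_cap;
	uint8_t ra_cap_len;
};

/* 0 on success; -1 if shorter than the fixed part plus the length octet;
 * -2 if the RA cap length octet points past the end of the buffer. */
int rau_req_parse(const uint8_t *buf, size_t len, struct rau_req *r)
{
	if (len < RAU_MIN_LEN)
		return -1;
	memset(r, 0, sizeof(*r));
	r->pd = buf[0] & 0x0f;
	r->msg_type = buf[1];
	r->cksn = (buf[2] >> 4) & 0x07;
	r->follow_on = (buf[2] >> 3) & 0x01;
	r->update_type = buf[2] & 0x07;
	/* old RAI: MCC/MNC as packed BCD, 0xf filler marks a 2-digit MNC */
	r->mcc = (buf[3] & 0x0f) * 100 + (buf[3] >> 4) * 10 + (buf[4] & 0x0f);
	if ((buf[4] >> 4) == 0x0f)
		r->mnc = (buf[5] & 0x0f) * 10 + (buf[5] >> 4);
	else
		r->mnc = (buf[5] & 0x0f) * 100 + (buf[5] >> 4) * 10 + (buf[4] >> 4);
	r->lac = (uint16_t)((buf[6] << 8) | buf[7]);
	r->rac = buf[8];
	r->ra_cap_len = buf[9];
	/* the length octet is peer-controlled: bound it before dereferencing */
	if ((size_t)RAU_MIN_LEN + r->ra_cap_len > len)
		return -2;
	r->ra_cap = buf + RAU_MIN_LEN;
	return 0;
}

/* First Access Technology Type (4 bits) at the start of the RA cap value. */
int ra_cap_first_access_tech(const struct rau_req *r)
{
	return r->ra_cap_len < 2 ? -1 : r->ra_cap[0] >> 4;
}

/* Length in bits (7 bits) of the first access capabilities field. */
int ra_cap_first_len_bits(const struct rau_req *r)
{
	if (r->ra_cap_len < 2)
		return -1;
	return ((r->ra_cap[0] & 0x0f) << 3) | (r->ra_cap[1] >> 5);
}

int rau_parse_rc(const uint8_t *buf, size_t len)
{
	struct rau_req r;
	return rau_req_parse(buf, len, &r);
}

const struct rau_req *parsed_sample(void)
{
	static struct rau_req r;
	return rau_req_parse(SAMPLE_RAU_REQ, sizeof(SAMPLE_RAU_REQ), &r) ? NULL : &r;
}

int main(void)
{
	const struct rau_req *r = parsed_sample();
	if (!r)
		return 1;
	printf("RAU Request: %zu octets, RAI %u-%u-%u-%u, CKSN %u, RA cap %u octets, "
	       "access tech %d, %d capability bits\n", sizeof(SAMPLE_RAU_REQ),
	       r->mcc, r->mnc, r->lac, r->rac, r->cksn, r->ra_cap_len,
	       ra_cap_first_access_tech(r), ra_cap_first_len_bits(r));
	printf("l3len < 16: %s; l3len < 14: %s\n",
	       sizeof(SAMPLE_RAU_REQ) < 16 ? "rejected" : "accepted",
	       sizeof(SAMPLE_RAU_REQ) < 14 ? "rejected" : "accepted");
	return 0;
}
```

The fixed part plus the length octet is 10 octets, and the 4-octet RA cap from the dissection brings the message to exactly 14, which is why a `< 16` pre-check rejects it. The second check in rau_req_parse is the one that matters for memory safety: a minimum total length says nothing about whether the RA cap length octet fits inside the message.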
git pull ssh://gerrit.osmocom.org:29418/osmo-sgsn refs/changes/40/38940/1
diff --git a/src/sgsn/gprs_gmm_util.c b/src/sgsn/gprs_gmm_util.c index 4a59c37..4f61669 100644 --- a/src/sgsn/gprs_gmm_util.c +++ b/src/sgsn/gprs_gmm_util.c @@ -79,8 +79,9 @@
memset(rau_req, 0, sizeof(struct gprs_gmm_ra_upd_req));
- /* all mandatory fields + variable length MS Radio Cap (min value) */ - if (msgb_l3len(msg) < 16) + /* all mandatory fields + variable length MS Radio Cap (min value) would be 15 bytes. + * But even short radio capabilities we should handle with 14 bytes */ + if (msgb_l3len(msg) < 14) return GMM_CAUSE_PROTO_ERR_UNSPEC;
gh = (struct gsm48_hdr *) msgb_gmmh(msg);
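Review bot: The new comment's arithmetic contradicts the constant it replaces and neither number is derived: it says "all mandatory fields + variable length MS Radio Cap (min value) would be 15 bytes" while the old check was `< 16`, and the new `< 14` is justified only by "even short radio capabilities we should handle with 14 bytes". Spell the sum out in the comment and build the constant from it, e.g. 1 (PD/skip) + 1 (msg type) + 1 (update type/CKSN) + 6 (old RAI) + 1 (RA cap length octet) + 4 (RA cap as in the commit message) = 14, and check whether 3GPP TS 24.008 10.5.5.12a's stated minimum for the MS Radio Access Capability IE (6 octets; if that counts the IEI and length octets it leaves 4 value octets) makes 14 the spec minimum rather than a tolerated undersize, in which case "would be 15 bytes" should be dropped. The sentence "even short radio capabilities we should handle with 14 bytes" also needs rewording, e.g. "but a valid RA cap can be as short as 4 octets, giving 14". Independently of the constant, since the rest of the message is "variable length MS Radio Cap", make sure the RA cap length octet read after this point is bounded against msgb_l3len(msg); this pre-check alone does not stop an over-long length field from reading past the message.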