pespin has submitted this change. ( https://gerrit.osmocom.org/c/osmo-mgw/+/29864 )

Change subject: mgw: rx_rtp(): reorder checks and handlings ......................................................................

mgw: rx_rtp(): reorder checks and handlings

First validate the origin of the message, then later the content of the message and finally execute whatever triggers are necessary. This way contents from unknown senders are not even parsed or acted upon, avoiding useless potential harm.

Change-Id: I011a6d7d705768c32a35cec5cd7169725a21a670 --- M src/libosmo-mgcp/mgcp_network.c 1 file changed, 4 insertions(+), 4 deletions(-)

Approvals: Jenkins Builder: Verified osmith: Looks good to me, approved laforge: Looks good to me, but someone else must approve

diff --git a/src/libosmo-mgcp/mgcp_network.c b/src/libosmo-mgcp/mgcp_network.c index 26f3475..432c2b1 100644 --- a/src/libosmo-mgcp/mgcp_network.c +++ b/src/libosmo-mgcp/mgcp_network.c @@ -1514,7 +1514,9 @@

LOG_CONN_RTP(conn_src, LOGL_DEBUG, "rx_rtp(%u bytes)\n", msgb_length(msg));

- mgcp_conn_watchdog_kick(conn_src->conn); + /* Check if the origin of the RTP packet seems plausible */ + if (!trunk->rtp_accept_all && check_rtp_origin(conn_src, from_addr)) + return -1;

/* If AMR is configured for the ingress connection and conversion of the * framing mode (octet-aligned vs. bandwith-efficient) is explicitly @@ -1534,9 +1536,7 @@ } }

- /* Check if the origin of the RTP packet seems plausible */ - if (!trunk->rtp_accept_all && check_rtp_origin(conn_src, from_addr)) - return -1; + mgcp_conn_watchdog_kick(conn_src->conn);

/* Execute endpoint specific implementation that handles the * dispatching of the RTP data */