[PATCH] openbsc[master]: db.c: fix retrieval of Ki blob, safe against e.g. zero bytes

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Neels Hofmeyr gerrit-no-reply at lists.osmocom.org
Sun Dec 25 00:42:10 UTC 2016


db.c: fix retrieval of Ki blob, safe against e.g. zero bytes

It appears that we've so far always been unable to use Ki keys that contain a
zero byte, or apparently anything that's outside the 7-bit ASCII space ... ?

With this Ki stored in the hlr.sqlite3 db:

  sqlite> INSERT INTO "AuthKeys" VALUES(57,2,X'000102030405060708090A0B0C0D0E0F');
  sqlite> select hex(a3a8_ki) from AuthKeys;
  000102030405060708090A0B0C0D0E0F

I always get:

  DMM <0002> ../../../src/libmsc/auth.c:70 Invalid COMP128v1 key (len=0)

Curious, could it be the zero byte? Just to check, I put the zero byte further right:

  sqlite> select hex(a3a8_ki) from AuthKeys;
  F00102030405060008090A0B0C0D0E
  ^ nonzero     ^^ zero

Now the log says:

  DMM <0002> ../../../src/libmsc/auth.c:70 Invalid COMP128v1 key (len=5) f1 f3 f4 f5 f6

I was expecting a 7 byte BLOB of "f0 01 02 03 04 05 06", definitely not the above.

With this patch, all of these problems disappear and Ki bytes are retrieved
correctly from the sqlite db. TODO: are other BLOB values also affected?

BTW, this turned up because I'm working on the new VLR, which will inherently
fix this issue, but in the course of that I recapped the current osmo-nitb's
sequence of events for 2G ciphering as it is on the openbsc master branch.

Change-Id: Iffc814e2091aa5d2a833035c3fbccd1b06b50f34
---
M openbsc/src/libmsc/db.c
1 file changed, 10 insertions(+), 7 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/openbsc refs/changes/04/1504/2

diff --git a/openbsc/src/libmsc/db.c b/openbsc/src/libmsc/db.c
index 5cccb32..0f2c7f0 100644
--- a/openbsc/src/libmsc/db.c
+++ b/openbsc/src/libmsc/db.c
@@ -616,10 +616,11 @@
                                struct gsm_subscriber *subscr)
 {
 	dbi_result result;
-	const unsigned char *a3a8_ki;
+	const char *a3a8_ki;
+	int rc;
 
 	result = dbi_conn_queryf(conn,
-			"SELECT * FROM AuthKeys WHERE subscriber_id=%llu",
+			"SELECT algorithm_id, hex(a3a8_ki) FROM AuthKeys WHERE subscriber_id=%llu",
 			 subscr->id);
 	if (!result)
 		return -EIO;
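Review bot: The new select list has `hex(a3a8_ki)` without a column alias, so the hex string can only be fetched by position and the read then depends on the order of the columns in this query. Suggest `hex(a3a8_ki) AS a3a8_ki_hex` so it can be read by field name, the way `algorithm_id` is. The local `const char *a3a8_ki` now points at a hex string rather than the key bytes; renaming it (for example to `a3a8_ki_hex`) would keep it from being confused with `ainfo->a3a8_ki`. A short code comment on why the BLOB is hex-encoded in SQL instead of read as binary would also help, since that reasoning currently lives only in the commit message.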
@@ -630,11 +631,13 @@
 	}
 
 	ainfo->auth_algo = dbi_result_get_ulonglong(result, "algorithm_id");
-	ainfo->a3a8_ki_len = dbi_result_get_field_length(result, "a3a8_ki");
-	a3a8_ki = dbi_result_get_binary(result, "a3a8_ki");
-	if (ainfo->a3a8_ki_len > sizeof(ainfo->a3a8_ki))
-		ainfo->a3a8_ki_len = sizeof(ainfo->a3a8_ki);
-	memcpy(ainfo->a3a8_ki, a3a8_ki, ainfo->a3a8_ki_len);
+	a3a8_ki = dbi_result_get_string_idx(result, 2);
+	rc = osmo_hexparse(a3a8_ki, ainfo->a3a8_ki, sizeof(ainfo->a3a8_ki));
+	if (rc < 0)
+		ainfo->a3a8_ki_len = 0;
+	else {
+		ainfo->a3a8_ki_len = osmo_hexparse(a3a8_ki, ainfo->a3a8_ki, sizeof(ainfo->a3a8_ki));
+	}
 
 	dbi_result_free(result);
 
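Review bot: In the `else` branch, `osmo_hexparse()` is called a second time with the same arguments although `rc` already holds its result; assign `ainfo->a3a8_ki_len = rc;` and drop the second call. The pointer returned by `dbi_result_get_string_idx(result, 2)` is handed to `osmo_hexparse()` without a NULL check; check it first and treat NULL like the `rc < 0` case. Also note the behaviour change: the removed lines clamped an over-long value to `sizeof(ainfo->a3a8_ki)`, while the new code sets `a3a8_ki_len` to 0 on any negative return without logging, so the only trace is the later "Invalid COMP128v1 key (len=0)" message from auth.c. A log line here that names the subscriber would make a bad Ki row easier to find.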

-- 
To view, visit https://gerrit.osmocom.org/1504
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Iffc814e2091aa5d2a833035c3fbccd1b06b50f34
Gerrit-PatchSet: 2
Gerrit-Project: openbsc
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Neels Hofmeyr <nhofmeyr at sysmocom.de>
