[PATCH] osmo-bsc[master]: mgcp: validate rtp connection data in MGW response (ip/port)

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

dexter gerrit-no-reply at lists.osmocom.org
Wed Dec 20 14:56:57 UTC 2017 

Hello Harald Welte, Jenkins Builder,

I'd like you to reexamine a change.  Please visit

    https://gerrit.osmocom.org/5320

to look at the new patch set (#4).

mgcp: validate rtp connection data in MGW response (ip/port)

Currently the pasing results from the RTP ip/port are fed into
inet_addr without checking the results.

Check the return code of inet_addr to be sure that the IP-Address
got properly decoded.

Change-Id: I1d0aa7e9b8480e1bef57269e3904399cb99815bb
---
M src/osmo-bsc/osmo_bsc_mgcp.c
1 file changed, 18 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/osmo-bsc refs/changes/20/5320/4

diff --git a/src/osmo-bsc/osmo_bsc_mgcp.c b/src/osmo-bsc/osmo_bsc_mgcp.c
index 6907d4f..8ea6415 100644
--- a/src/osmo-bsc/osmo_bsc_mgcp.c
+++ b/src/osmo-bsc/osmo_bsc_mgcp.c
@@ -198,6 +198,7 @@
 	struct mgcp_ctx *mgcp_ctx = priv;
 	int rc;
 	struct osmo_bsc_sccp_con *conn;
+	uint32_t addr;
 
 	OSMO_ASSERT(mgcp_ctx);
 	conn = mgcp_ctx->conn;
@@ -227,13 +228,20 @@
 		return;
 	}
 
+	addr = inet_addr(r->audio_ip);
+	if (addr == INADDR_NONE) {
+		LOGPFSML(mgcp_ctx->fsm, LOGL_ERROR, "CRCX/BTS: Cannot parse response (invalid IP-address)\n");
+		handle_error(mgcp_ctx, MGCP_ERR_MGW_INVAL_RESP);
+		return;
+	}
+
 	LOGPFSML(mgcp_ctx->fsm, LOGL_DEBUG, "CRCX/BTS: MGW responded with address %s:%u\n", r->audio_ip, r->audio_port);
 
 	/* Set the connection details in the conn struct. The code that
 	 * controls the BTS via RSL will take these values and signal them
 	 * to the BTS via RSL/IPACC */
 	conn->user_plane.rtp_port = r->audio_port;
-	conn->user_plane.rtp_ip = osmo_ntohl(inet_addr(r->audio_ip));
+	conn->user_plane.rtp_ip = osmo_ntohl(addr);
 
 	/* Notify the FSM that we got the response. */
 	osmo_fsm_inst_dispatch(mgcp_ctx->fsm, EV_CRCX_BTS_RESP, mgcp_ctx);
@@ -480,6 +488,7 @@
 	struct osmo_bsc_sccp_con *conn;
 	struct gsm_lchan *lchan;
 	struct sockaddr_in *sin;
+	uint32_t addr;
 
 	OSMO_ASSERT(mgcp_ctx);
 	conn = mgcp_ctx->conn;
@@ -511,13 +520,20 @@
 		return;
 	}
 
+	addr = inet_addr(r->audio_ip);
+	if (addr == INADDR_NONE) {
+		LOGPFSML(mgcp_ctx->fsm, LOGL_ERROR, "CRCX/NET: Cannot parse response (invalid IP-address)\n");
+		handle_error(mgcp_ctx, MGCP_ERR_MGW_INVAL_RESP);
+		return;
+	}
+
 	LOGPFSML(mgcp_ctx->fsm, LOGL_DEBUG, "CRCX/NET: MGW responded with address %s:%u\n",
 		 r->audio_ip, r->audio_port);
 
 	/* Store address */
 	sin = (struct sockaddr_in *)&conn->user_plane.aoip_rtp_addr_local;
 	sin->sin_family = AF_INET;
-	sin->sin_addr.s_addr = inet_addr(r->audio_ip);
+	sin->sin_addr.s_addr = addr;
 	sin->sin_port = osmo_ntohs(r->audio_port);
 
 	/* Notify the FSM that we got the response. */

-- 
To view, visit https://gerrit.osmocom.org/5320
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I1d0aa7e9b8480e1bef57269e3904399cb99815bb
Gerrit-PatchSet: 4
Gerrit-Project: osmo-bsc
Gerrit-Branch: master
Gerrit-Owner: dexter <pmaier at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder

More information about the gerrit-log mailing list