Harald Welte gerrit-no-reply at lists.osmocom.orgHarald Welte has submitted this change and it was merged.
Change subject: ggsn: Validate packet src addr from MS
......................................................................
ggsn: Validate packet src addr from MS
Closes: OS#2422
Change-Id: Ie658a7f161103bb6f631ab0508e45e55fb42a442
---
M ggsn/ggsn.c
M gtp/gtp.c
2 files changed, 19 insertions(+), 1 deletion(-)
Approvals:
Max: Looks good to me, but someone else must approve
Harald Welte: Looks good to me, approved
Jenkins Builder: Verified
diff --git a/ggsn/ggsn.c b/ggsn/ggsn.c
index 7954d5e..6645d4c 100644
--- a/ggsn/ggsn.c
+++ b/ggsn/ggsn.c
@@ -736,7 +736,9 @@
struct ip6_hdr *ip6h = (struct ip6_hdr *)pack;
struct tun_t *tun = (struct tun_t *)pdp->ipif;
struct apn_ctx *apn = tun->priv;
+ char straddr[INET6_ADDRSTRLEN];
struct ippoolm_t *peer;
+ uint8_t pref_offset;
OSMO_ASSERT(tun);
OSMO_ASSERT(apn);
@@ -752,6 +754,16 @@
return -1;
}
+ /* Validate packet comes from IPaddr assigned to the pdp ctx.
+ If packet is a LL addr, then EUA is in the lower 64 bits,
+ otherwise it's used as the 64 prefix */
+ pref_offset = IN6_IS_ADDR_LINKLOCAL(&ip6h->ip6_src) ? 8 : 0;
+ if (memcmp(((uint8_t*)&ip6h->ip6_src) + pref_offset, &peer->addr.v6, 8)) {
+ LOGPPDP(LOGL_ERROR, pdp, "Packet from MS using unassigned src IPv6: %s\n",
+ inet_ntop(AF_INET6, &ip6h->ip6_src, straddr, sizeof(straddr)));
+ return -1;
+ }
+
/* daddr: all-routers multicast addr */
if (IN6_ARE_ADDR_EQUAL(&ip6h->ip6_dst, &all_router_mcast_addr))
return handle_router_mcast(pdp->gsn, pdp, &peer->addr.v6,
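Review bot: The new `memcmp` reads bytes 8 to 23 of the packet through `ip6h->ip6_src`, and nothing visible in this hunk checks that the packet length covers the IPv6 header first. The function starts outside the hunk, so such a check may already exist there; if it does not, a truncated packet from the MS makes the comparison and the `inet_ntop` call in the log line read past the received data. A guard such as `if (len < sizeof(*ip6h)) return -1;` ahead of the comparison would close that, where `len` is the length passed to `osmo_hexdump(pack, len)` in the next hunk. The IPv4 check added at `@@ -764` reads `iph->saddr` the same way and would want the equivalent `len < sizeof(*iph)` test.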
@@ -764,6 +776,13 @@
osmo_hexdump(pack, len));
return -1;
}
+
+ /* Validate packet comes from IPaddr assigned to the pdp ctx */
+ if (memcmp(&iph->saddr, &peer->addr.v4, sizeof(peer->addr.v4))) {
+ LOGPPDP(LOGL_ERROR, pdp, "Packet from MS using unassigned src IPv4: %s\n",
+ inet_ntop(AF_INET, &iph->saddr, straddr, sizeof(straddr)));
+ return -1;
+ }
break;
default:
LOGPPDP(LOGL_ERROR, pdp, "Packet from MS is neither IPv4 nor IPv6: %s\n",
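Review bot: The rejection path added here logs at `LOGL_ERROR` for every packet whose source address does not match, and that address is chosen by the MS, so one misconfigured or hostile MS can fill the log at its own packet rate. A lower level for the per-packet message, e.g. `LOGPPDP(LOGL_NOTICE, pdp, ...)`, combined with a drop counter, would keep the event visible to operators without letting subscriber traffic drive log volume. The IPv6 check added at `@@ -752` logs the same way. The enclosing function continues outside the hunk.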
diff --git a/gtp/gtp.c b/gtp/gtp.c
index 2abc32e..42e84a7 100644
--- a/gtp/gtp.c
+++ b/gtp/gtp.c
@@ -2698,7 +2698,6 @@
int hlen;
- /* Need to include code to verify packet src and dest addresses */
struct pdp_t *pdp;
switch (version) {
--
To view, visit https://gerrit.osmocom.org/6099
Gerrit-MessageType: merged
Gerrit-Change-Id: Ie658a7f161103bb6f631ab0508e45e55fb42a442
Gerrit-PatchSet: 3
Gerrit-Project: osmo-ggsn
Gerrit-Branch: master
Gerrit-Owner: Pau Espin Pedrol <pespin at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Max <msuraev at sysmocom.de>