From deeab473a030cdb68f7a258b0f6629444933ac1e Mon Sep 17 00:00:00 2001
From: Pau Espin Pedrol
Date: Wed, 27 Mar 2019 17:33:17 +0100
Subject: ipa: Document ipa_ccm_idtag_parse_off and fix ipa_ccm_idtag_parse

ipa_ccm_idtag_parse_off is broken, and can only be used with len_offset=1 on ID Request messages, otherwise won't work correctly. Modify ipa_ccm_idtag_parse to at least parse those correctly, and document the limitations.

Those two functions are already deprecated and only used in openbsc by 3 callers:
* ipa_ccm_idtag_parse in ussd_read_cb(): Broken, that function can only work for Requests and it's used to parse a Response.
* ipa_ccm_idtag_parse_off in forward_sccp_to_msc (NAT): Broken, it can only be used to parse Requests and it's used to parse a Response. Furthermore, len_offset=2 is passed which makes no sense and most probably it fails always, or can even make the program crash.
* ipa_ccm_idtag_parse_off in (answer_challenge): This one is fine and could actually be replaced with ipa_ccm_id_get_parse after this commit is merged.

Change-Id: I6efc852dfc041192f554e41a58290a0f63298021
---
 src/gsm/ipa.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'src/gsm')

diff --git a/src/gsm/ipa.c b/src/gsm/ipa.c
index d423c262..8e64a1eb 100644
--- a/src/gsm/ipa.c
+++ b/src/gsm/ipa.c
@@ -98,11 +98,21 @@ const char *ipa_ccm_idtag_name(uint8_t tag) return idtag_names[tag]; } +/*! Parse the payload part of an IPA CCM ID GET, return \ref tlv_parsed format. */ int ipa_ccm_idtag_parse(struct tlv_parsed *dec, unsigned char *buf, int len) { - return ipa_ccm_idtag_parse_off(dec, buf, len, 0); + return ipa_ccm_idtag_parse_off(dec, buf, len, 1); } +/*! Parse the payload part of an IPA CCM ID GET, return \ref tlv_parsed format. + * WARNING: This function can only parse correctly IPA CCM ID GET/REQUEST + * messages, and only when len_offset is passed value of 1. + * \param[out] dec Caller-provided/allocated output structure for parsed payload + * \param[in] buf Buffer containing the payload (excluding 1 byte msg_type) of the message + * \param[in] len Length of \a buf in octets + * \param[in] len_offset Offset from end of len field to start of value (ommiting tag). Must be 1! + * \returns 0 on success; negative on error + */ int ipa_ccm_idtag_parse_off(struct tlv_parsed *dec, unsigned char *buf, int len, const int len_offset) { uint8_t t_len; -- cgit v1.2.3
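
Review bot: The new doc comment on ipa_ccm_idtag_parse_off says len_offset "Must be 1!", but the hunk only documents that constraint and adds no check, so a caller that passes another value (the commit message names one passing 2) still reaches the parser unchecked. Consider rejecting len_offset != 1 at the top of the function with a negative return, which fits the documented "negative on error" contract and turns a possible out-of-bounds parse into a clean failure. The one-line comment added above ipa_ccm_idtag_parse should carry the same WARNING, since its effective offset changes from 0 to 1 for existing callers and it shares the ID GET/REQUEST-only limitation; a pointer to the non-deprecated replacement would also help. Minor: "ommiting" in the len_offset \param text should read "omitting", and "can only parse correctly" reads better as "can only correctly parse".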