Project

General

Profile

Feature #2565

verify hex key sizes read from DB

Added by neels 10 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
10/10/2017
Due date:
% Done:

0%


Description

currently, osmo-hlr reads auth data from the DB as strings and uses osmo_hexparse() without verifying the resulting size.
Write a test suite and make sure wrong key sizes are complained about and error handling is in place.

Note that there is a code snippet #if'd out in db_auc.c:

               aud2g->algo = sqlite3_column_int(stmt, 1);
               ki = sqlite3_column_text(stmt, 2);
#if 0
               if (sqlite3_column_bytes(stmt, 2) != sizeof(aud2g->u.gsm.ki)) {
                       LOGAUC(imsi, LOGL_ERROR, "Error reading Ki: %d\n", rc);
                       goto end_2g;
               }
#endif

Also available in: Atom PDF