OsmoBSC accepts BSSAP with wrong length field
As seen in #3805, OsmoBSC would happily accept BSSMAP CLEAR COMMAND messages with IEs that extend beyond the length field of the BSSAP header.
This is definitely wrong. We should
- parse the length field
- ensure we have a minimum of that number of bytes of payload as specified by the length field
- truncate the msgb to a payload length as specified
This way any additional garbage at the end of a message would simply be ignored, with us only parsing the specified "length" number of bytes.
Let's also make sure to add TTCN-3 tests for this, intentionally sending length field values too large and too short.
Once implemented in OsmoBSC, we should also implement it on the MSC side.