Bug #3806
OsmoBSC accepts BSSAP with wrong length field
Status: Stalled
Priority: Normal
Assignee: -
Category: A interface
Target version: -
Start date: 02/18/2019
Due date:
% Done: 40%
Spec Reference:
Description
As seen in #3805, OsmoBSC would happily accept BSSMAP CLEAR COMMAND messages with IEs that extend beyond the length field of the BSSAP header.
This is definitely wrong. We should:
- parse the length field
- ensure we have a minimum of that number of bytes of payload as specified by the length field
- truncate the msgb to a payload length as specified
This way any additional garbage at the end of a message would simply be ignored, with us only parsing the specified "length" number of bytes.
Let's also make sure to add TTCN-3 tests for this, intentionally sending length field values too large and too short.
Once implemented in OsmoBSC, we should also implement it on the MSC side.
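The three steps listed in the description, as an added example that is not OsmoBSC or libosmocore code. It works on a plain byte buffer instead of a msgb; the function name, error codes and sample messages are hypothetical and constructed for illustration, and the header layouts assumed are BSSMAP (discriminator 0x00, length) and DTAP (discriminator 0x01, DLCI, length).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BSSAP_DISCR_BSSMAP 0x00 /* header: discriminator, length */
#define BSSAP_DISCR_DTAP   0x01 /* header: discriminator, DLCI, length */

enum { BSSAP_OK = 0, BSSAP_ERR_SHORT_HDR = -1, BSSAP_ERR_DISCR = -2, BSSAP_ERR_LEN_TOO_LARGE = -3 };

/* Hypothetical helper: validate the BSSAP length field against the bytes
 * actually received, then report where the payload starts and how many bytes
 * of it may be parsed. Bytes past the declared length are left out. */
static int bssap_bound_payload(const uint8_t *buf, size_t buf_len,
                               const uint8_t **payload, size_t *payload_len)
{
    size_t hdr_len;

    if (buf_len < 2)
        return BSSAP_ERR_SHORT_HDR;
    switch (buf[0]) {
    case BSSAP_DISCR_BSSMAP: hdr_len = 2; break;
    case BSSAP_DISCR_DTAP:   hdr_len = 3; break;
    default:                 return BSSAP_ERR_DISCR;
    }
    if (buf_len < hdr_len)
        return BSSAP_ERR_SHORT_HDR;
    size_t declared = buf[hdr_len - 1];  /* step 1: parse the length field */
    if (declared > buf_len - hdr_len)    /* step 2: need at least that many bytes */
        return BSSAP_ERR_LEN_TOO_LARGE;
    *payload = buf + hdr_len;
    *payload_len = declared;             /* step 3: truncate to the declared length */
    return BSSAP_OK;
}

/* Constructed samples: BSSMAP CLEAR COMMAND (0x20) with a Cause IE (04 01 09) */
const uint8_t msg_exact[]    = { 0x00, 0x04, 0x20, 0x04, 0x01, 0x09 };
const uint8_t msg_trailing[] = { 0x00, 0x04, 0x20, 0x04, 0x01, 0x09, 0xde, 0xad };
const uint8_t msg_too_long[] = { 0x00, 0x09, 0x20, 0x04, 0x01, 0x09 };
const uint8_t msg_ie_past[]  = { 0x00, 0x02, 0x20, 0x04, 0x01, 0x09 }; /* IE past length */

int main(void)
{
    const uint8_t *p;
    size_t n;
    int rc = bssap_bound_payload(msg_ie_past, sizeof(msg_ie_past), &p, &n);
    printf("rc=%d payload_len=%zu\n", rc, rc == BSSAP_OK ? n : (size_t)0);
    return 0;
}
```

For `msg_ie_past` the payload is bounded to two bytes, so an IE parser that is handed only that window sees a Cause tag with no length octet and has to reject the message instead of reading on into the bytes beyond the declared length.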