Check integrity_generate msg_size parameter

master
Ismael Gomez 7 years ago
parent 2d9c101027
commit f4243656c9

@ -345,6 +345,11 @@ void nas::integrity_generate(uint8_t *key_128,
bool nas::integrity_check(byte_buffer_t *pdu) bool nas::integrity_check(byte_buffer_t *pdu)
{ {
if (!pdu) {
nas_log->error("Invalid PDU\n");
return NULL;
}
if (pdu->N_bytes > 5) {
uint8_t exp_mac[4]; uint8_t exp_mac[4];
uint8_t *mac = &pdu->msg[1]; uint8_t *mac = &pdu->msg[1];
int i; int i;
@ -369,6 +374,9 @@ bool nas::integrity_check(byte_buffer_t *pdu)
nas_log->info("Integrity check ok. Local: count=%d, Received: count=%d\n", nas_log->info("Integrity check ok. Local: count=%d, Received: count=%d\n",
ctxt.rx_count, pdu->msg[5]); ctxt.rx_count, pdu->msg[5]);
return true; return true;
} else {
nas_log->error("Invalid integrity check PDU size (%d)\n", pdu->N_bytes);
}
} }
void nas::cipher_encrypt(byte_buffer_t *pdu) void nas::cipher_encrypt(byte_buffer_t *pdu)
@ -454,6 +462,17 @@ bool nas::check_cap_replay(LIBLTE_MME_UE_SECURITY_CAPABILITIES_STRUCT *caps)
******************************************************************************/ ******************************************************************************/
void nas::parse_attach_accept(uint32_t lcid, byte_buffer_t *pdu) { void nas::parse_attach_accept(uint32_t lcid, byte_buffer_t *pdu) {
if (!pdu) {
nas_log->error("Invalid PDU\n");
return;
}
if (pdu->N_bytes <= 5) {
nas_log->error("Invalid attach accept PDU size (%d)\n", pdu->N_bytes);
return;
}
LIBLTE_MME_ATTACH_ACCEPT_MSG_STRUCT attach_accept; LIBLTE_MME_ATTACH_ACCEPT_MSG_STRUCT attach_accept;
LIBLTE_MME_ACTIVATE_DEFAULT_EPS_BEARER_CONTEXT_REQUEST_MSG_STRUCT act_def_eps_bearer_context_req; LIBLTE_MME_ACTIVATE_DEFAULT_EPS_BEARER_CONTEXT_REQUEST_MSG_STRUCT act_def_eps_bearer_context_req;
LIBLTE_MME_ATTACH_COMPLETE_MSG_STRUCT attach_complete; LIBLTE_MME_ATTACH_COMPLETE_MSG_STRUCT attach_complete;
@ -679,6 +698,17 @@ void nas::parse_identity_request(uint32_t lcid, byte_buffer_t *pdu) {
void nas::parse_security_mode_command(uint32_t lcid, byte_buffer_t *pdu) void nas::parse_security_mode_command(uint32_t lcid, byte_buffer_t *pdu)
{ {
if (!pdu) {
nas_log->error("Invalid PDU\n");
return;
}
if (pdu->N_bytes <= 5) {
nas_log->error("Invalid security mode command PDU size (%d)\n", pdu->N_bytes);
return;
}
LIBLTE_MME_SECURITY_MODE_COMMAND_MSG_STRUCT sec_mode_cmd; LIBLTE_MME_SECURITY_MODE_COMMAND_MSG_STRUCT sec_mode_cmd;
LIBLTE_MME_SECURITY_MODE_COMPLETE_MSG_STRUCT sec_mode_comp; LIBLTE_MME_SECURITY_MODE_COMPLETE_MSG_STRUCT sec_mode_comp;
@ -808,6 +838,8 @@ void nas::parse_emm_information(uint32_t lcid, byte_buffer_t *pdu) {
******************************************************************************/ ******************************************************************************/
void nas::send_attach_request() { void nas::send_attach_request() {
LIBLTE_MME_ATTACH_REQUEST_MSG_STRUCT attach_req; LIBLTE_MME_ATTACH_REQUEST_MSG_STRUCT attach_req;
byte_buffer_t *msg = pool_allocate; byte_buffer_t *msg = pool_allocate;
if (!msg) { if (!msg) {
@ -861,12 +893,16 @@ void nas::send_attach_request() {
(LIBLTE_BYTE_MSG_STRUCT *) msg); (LIBLTE_BYTE_MSG_STRUCT *) msg);
// Add MAC // Add MAC
if (msg->N_bytes > 5) {
integrity_generate(&k_nas_int[16], integrity_generate(&k_nas_int[16],
ctxt.tx_count, ctxt.tx_count,
SECURITY_DIRECTION_UPLINK, SECURITY_DIRECTION_UPLINK,
&msg->msg[5], &msg->msg[5],
msg->N_bytes - 5, msg->N_bytes - 5,
&msg->msg[1]); &msg->msg[1]);
} else {
nas_log->error("Invalid PDU size %d\n", msg->N_bytes);
}
} else { } else {
attach_req.eps_mobile_id.type_of_id = LIBLTE_MME_EPS_MOBILE_ID_TYPE_IMSI; attach_req.eps_mobile_id.type_of_id = LIBLTE_MME_EPS_MOBILE_ID_TYPE_IMSI;
usim->get_imsi_vec(attach_req.eps_mobile_id.imsi, 15); usim->get_imsi_vec(attach_req.eps_mobile_id.imsi, 15);

Loading…
Cancel
Save