From: Holger Hans Peter Freyther <zecke@selfish.org>
Date: Fri, 21 Oct 2011 12:11:04 +0000 (+0200)
Subject: gsm: Verify the MNCC_VERSION of the BSC/MS and close the socket on mismatch
X-Git-Url: http://git.eversberg.eu/gitweb.cgi?p=lcr.git;a=commitdiff_plain;h=fa5274af2bf2566e60b8ea5c8069f62aadbb97db;ds=inline

gsm: Verify the MNCC_VERSION of the BSC/MS and close the socket on mismatch

The BSC/MS will send a Hello packet that includes the version number,
make LCR verify this version number and close the socket in case it
does not match a supported version.
---

diff --git a/gsm.cpp b/gsm.cpp
index 50ca2ea..5fbbd49 100644
--- a/gsm.cpp
+++ b/gsm.cpp
@@ -1334,6 +1334,7 @@ static int mncc_fd_read(struct lcr_fd *lfd, void *inst, int idx)
 	int rc;
 	static char buf[sizeof(struct gsm_mncc)+1024];
 	struct gsm_mncc *mncc_prim = (struct gsm_mncc *) buf;
+	struct gsm_mncc_hello *hello = (struct gsm_mncc_hello *) buf;
 
 	memset(buf, 0, sizeof(buf));
 	rc = recv(lfd->fd, buf, sizeof(buf), 0);
@@ -1342,6 +1343,17 @@ static int mncc_fd_read(struct lcr_fd *lfd, void *inst, int idx)
 	if (rc < 0)
 		return rc;
 
+	/* TODO: size check? */
+	switch (mncc_prim->msg_type) {
+	case MNCC_SOCKET_HELLO:
+		if (hello->version != MNCC_SOCK_VERSION) {
+			PERROR("MNCC version different. BSC version is %u\n", hello->version);
+			mncc_fd_close(lcr_gsm, lfd);
+			return 0;
+		}
+		break;
+	}
+
 	/* Hand the MNCC message into LCR */
 	switch (lcr_gsm->type) {
 #ifdef WITH_GSM_BS
diff --git a/mncc.h b/mncc.h
index 4b6d3a1..d543b54 100644
--- a/mncc.h
+++ b/mncc.h
@@ -62,6 +62,8 @@
 #define GSM_TCH_FRAME_AMR	0x0303
 #define GSM_BAD_FRAME		0x03ff
 
+#define MNCC_SOCKET_HELLO	0x0400
+
 #define GSM_MAX_FACILITY	128
 #define GSM_MAX_SSVERSION	128
 #define GSM_MAX_USERUSER	128
@@ -326,3 +328,8 @@ struct gsm_mncc_rtp {
 };
 
 
+#define MNCC_SOCK_VERSION	1
+struct gsm_mncc_hello {
+	u_int32_t	msg_type;
+	u_int32_t	version;
+};