gprs_ns2: on ns2_create_vc parse the tlv before using it
reject_status_msg require a parsed tlv. Otherwise an
uninitialized tlv is passed.
Change-Id: I82cab518966b8b49c3522ff5f7b6f82d1027a526
diff --git a/src/gb/gprs_ns2.c b/src/gb/gprs_ns2.c
index fd016e6..9d5a97c 100644
--- a/src/gb/gprs_ns2.c
+++ b/src/gb/gprs_ns2.c
@@ -798,6 +798,15 @@
if (msg->len < sizeof(struct gprs_ns_hdr))
return GPRS_NS2_CS_ERROR;
+ rc = ns2_tlv_parse(&tp, nsh->data,
+ msgb_l2len(msg) - sizeof(*nsh), 0, 0);
+ if (rc < 0) {
+ LOGP(DLNS, LOGL_ERROR, "Rx NS RESET Error %d during "
+ "TLV Parse\n", rc);
+ /* TODO: send invalid message back */
+ return GPRS_NS2_CS_REJECTED;
+ }
+
switch (nsh->pdu_type) {
case NS_PDUT_STATUS:
/* Do not respond, see 3GPP TS 08.16, 7.5.1 */
@@ -840,15 +849,6 @@
return GPRS_NS2_CS_REJECTED;
}
- rc = ns2_tlv_parse(&tp, nsh->data,
- msgb_l2len(msg) - sizeof(*nsh), 0, 0);
- if (rc < 0) {
- LOGP(DLNS, LOGL_ERROR, "Rx NS RESET Error %d during "
- "TLV Parse\n", rc);
- /* TODO: send invalid message back */
- return GPRS_NS2_CS_REJECTED;
- }
-
if (!TLVP_PRES_LEN(&tp, NS_IE_CAUSE, 1) ||
!TLVP_PRES_LEN(&tp, NS_IE_VCI, 2) || !TLVP_PRES_LEN(&tp, NS_IE_NSEI, 2)) {
LOGP(DLNS, LOGL_ERROR, "NS RESET Missing mandatory IE\n");