[SGSN] Some IEs in ATTACH REQUEST can be longer in 24.008
The original length checks were based on 04.08, but 24.008 allows
longer IEs.
diff --git a/openbsc/src/gprs/gprs_gmm.c b/openbsc/src/gprs/gprs_gmm.c
index e071802..817092e 100644
--- a/openbsc/src/gprs/gprs_gmm.c
+++ b/openbsc/src/gprs/gprs_gmm.c
@@ -626,7 +626,7 @@
/* MS network capability 10.5.5.12 */
msnc_len = *cur++;
msnc = cur;
- if (msnc_len > 2)
+ if (msnc_len > 8)
goto err_inval;
cur += msnc_len;
@@ -657,6 +657,8 @@
/* MS Radio Access Capability 10.5.5.12a */
ms_ra_acc_cap_len = *cur++;
ms_ra_acc_cap = cur;
+ if (ms_ra_acc_cap_len > 51)
+ goto err_inval;
/* Optional: Old P-TMSI Signature, Requested READY timer, TMSI Status */