Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-ggsn / e67556e96f135aff7ebb80ad3b8ae89973bbcdaa
commite67556e96f135aff7ebb80ad3b8ae89973bbcdaa[log] [tgz]
authorHarald Welte <laforge@gnumonks.org>Tue May 04 10:59:23 2010 +0200
committerHarald Welte <laforge@gnumonks.org>Tue May 04 10:59:23 2010 +0200
tree665a3853e0b1fc11bca6b8c3bdeaaa7c0c24f480
parentdd69266b10c782b92c354d2445e46ffdec51c591 [diff]
[SECURITY] Fix GTPIE parsing DoS

This is taken from http://sourceforge.net/tracker/index.php?func=detail&aid=1811511&group_id=68956&atid=522957 and http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg402969.html and addresses a DoS:

The problem lies in the parsing of information elements in GTP messages, which
is implemented in the gtpie_decaps function of gtp/gtpie.c file.

The implementation has a bug that does not check if there are too many
information elements in the message thus causing the software to loop
infinitely in the while-loop.

In addition, handling routine for the error situation had to be implemented
outside the while-loop.
1 file changed
tree: 665a3853e0b1fc11bca6b8c3bdeaaa7c0c24f480
  1. doc/
  2. examples/
  3. ggsn/
  4. gtp/
  5. intl/
  6. po/
  7. sgsnemu/
  8. src/
  9. tests/
  10. .gitignore
  11. acinclude.m4
  12. AUTHORS
  13. ChangeLog
  14. configure.in
  15. configure.scan
  16. COPYING
  17. INSTALL
  18. Makefile.am
  19. NEWS
  20. openggsn.spec.in
  21. README
  22. README.FreeBSD
  23. README.MacOSX
  24. README.Solaris
  25. version