Fix MM Auth: disallow key_seq mismatch In auth_get_tuple_for_subscr(), add missing condition to match incoming key_seq with stored key_seq, so that re-authentication is requested for mismatching key_seqs. Add test for this issue.

commit: 0d929be8264ba592313f2cdd9bc4bd9b2579df00 [log] [tgz]
author: Neels Hofmeyr <nhofmeyr@sysmocom.de> Wed Mar 30 11:22:29 2016 +0200
committer: Harald Welte <laforge@gnumonks.org> Thu Mar 31 11:56:48 2016 +0200
tree: 8f55e9bb352089046927fb471c4d24b77b8ec17c
parent: 4e875aec0fda55bc93ea76c6992aaf3d90931d2d [diff] [blame]
diff --git a/openbsc/src/libmsc/auth.c b/openbsc/src/libmsc/auth.c
index 4ce1839..ca39d01 100644
--- a/openbsc/src/libmsc/auth.c
+++ b/openbsc/src/libmsc/auth.c

@@ -100,6 +100,7 @@
 	rc = db_get_lastauthtuple_for_subscr(atuple, subscr);
 	if ((rc == 0) &&
 	    (key_seq != GSM_KEY_SEQ_INVAL) &&
+	    (key_seq == atuple->key_seq) &&
 	    (atuple->use_count < 3))
 	{
 		atuple->use_count++;
commit	0d929be8264ba592313f2cdd9bc4bd9b2579df00	[log] [tgz]
author	Neels Hofmeyr <nhofmeyr@sysmocom.de>	Wed Mar 30 11:22:29 2016 +0200
committer	Harald Welte <laforge@gnumonks.org>	Thu Mar 31 11:56:48 2016 +0200
tree	8f55e9bb352089046927fb471c4d24b77b8ec17c
parent	4e875aec0fda55bc93ea76c6992aaf3d90931d2d [diff] [blame]