commit 8e0af0ba69cf03fb4743933bd84504388020a41b
author Neels Hofmeyr <neels@hofmeyr.de> Sat Mar 10 03:32:18 2018 +0100
committer Neels Hofmeyr <neels@hofmeyr.de> Sat Mar 10 22:12:13 2018 +0100
tree 31c2cf7528a0b8a84285dd2b5e2b8f810f82c3b6
parent 7795a19ced9380f38c4e689742a3ae59a1fef453

vlr auth: gracefully reject malformed auth response

Instead of just closing down the conn hard, actually feed invalid auth response
data to vlr_subscr_rc_auth_resp() in order to trigger all the actions we want
to see with a failed authentication:
- a GSUP signal that the auth failed,
- a LU reject.
Verify this in new test_wrong_sres_length() in msc_vlr_test_gsm_authen.c.

Note that in gsm48_rx_mm_auth_resp(), the is_r99 flag is falsely derived from
the RES length, which upcoming commit Ib7f7d89a8b9455d2c022d53d74328fa7488577f4
will fix.

Change-Id: I4179a290069ac61d0662de4ec7ca3edb76988899

src/libmsc/gsm_04_08.c

diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c
index f87a4c6..ceef2d8 100644
--- a/src/libmsc/gsm_04_08.c
+++ b/src/libmsc/gsm_04_08.c
@@ -971,8 +971,12 @@
 	}
 
 	if (rc) {
-		msc_subscr_conn_close(conn, GSM_CAUSE_AUTH_FAILED);
-		return -EINVAL;
+		LOGP(DMM, LOGL_ERROR,
+		     "%s: MM AUTHENTICATION RESPONSE: invalid: parsing %s AKA Auth Response"
+		     " failed with rc=%d; dispatching zero length SRES/RES to trigger failure\n",
+		     vlr_subscr_name(conn->vsub), is_r99 ? "UMTS" : "GSM", rc);
+		memset(res, 0, sizeof(res));
+		res_len = 0;
 	}
 
 	DEBUGP(DMM, "%s: MM %s AUTHENTICATION RESPONSE (%s = %s)\n",