[mgcp] Fix two bugs in the protocol handling
In case of a wrongly formatted AUEP, CRCX, DLCX, MDCX the
transaction id pointer was a dangling pointer... Initialize
the transaction id to a static string.
Also fix an off-by-one bug. We want to extract four elements
from the MGCP message and not only 3... So a short AUEP message
made us read too many things.
diff --git a/openbsc/src/mgcp/mgcp_protocol.c b/openbsc/src/mgcp/mgcp_protocol.c
index 43bddf4..0fe33dd 100644
--- a/openbsc/src/mgcp/mgcp_protocol.c
+++ b/openbsc/src/mgcp/mgcp_protocol.c
@@ -302,6 +302,8 @@
{
int found;
+ *transaction_id = "000000";
+
if (size < 3) {
LOGP(DMGCP, LOGL_ERROR, "Not enough space in ptr\n");
return -1;
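Review bot: the `if (size < 3)` guard left as context under the new assignment still accepts size == 3, although the commit message and the second hunk both say four elements are needed. If find_msg_pointers() never returns more than size, a caller passing 3 can no longer succeed and will hit "Not enough params" instead of "Not enough space in ptr", so consider raising the guard to `size < 4` in this patch. Since *transaction_id now points at a string literal on the early-return paths, the parameter should also be const-qualified (if it is not already) so no caller writes through it.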
@@ -309,7 +311,7 @@
found = find_msg_pointers(msg, ptr, size);
- if (found < 3) {
+ if (found <= 3) {
LOGP(DMGCP, LOGL_ERROR, "Gateway: Not enough params. Found: %d\n", found);
return -1;
}
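Review bot: `found <= 3` obscures the requirement; `found < 4`, or a named constant shared with the size guard above, states directly that four elements are needed, and the log line could print the expected count next to "Found: %d". A regression test that feeds a short AUEP message through this path would keep the off-by-one from coming back.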