mirror of https://github.com/PentHertz/srsLTE.git
drop all integrity protected NAS messages whose check is failing
- also enables integrity check for messages that are only integrity protected but not ciphered
This commit is contained in:
parent
dc3e88079a
commit
d6c0c7b03c
|
@ -287,30 +287,31 @@ void nas::write_pdu(uint32_t lcid, byte_buffer_t *pdu) {
|
|||
uint8 pd = 0;
|
||||
uint8 msg_type = 0;
|
||||
uint8 sec_hdr_type = 0;
|
||||
bool mac_valid = false;
|
||||
|
||||
nas_log->info_hex(pdu->msg, pdu->N_bytes, "DL %s PDU", rrc->get_rb_name(lcid).c_str());
|
||||
|
||||
// Parse the message security header
|
||||
liblte_mme_parse_msg_sec_header((LIBLTE_BYTE_MSG_STRUCT*)pdu, &pd, &sec_hdr_type);
|
||||
switch(sec_hdr_type)
|
||||
switch (sec_hdr_type)
|
||||
{
|
||||
case LIBLTE_MME_SECURITY_HDR_TYPE_PLAIN_NAS:
|
||||
case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_WITH_NEW_EPS_SECURITY_CONTEXT:
|
||||
case LIBLTE_MME_SECURITY_HDR_TYPE_SERVICE_REQUEST:
|
||||
break;
|
||||
case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY:
|
||||
break;
|
||||
case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED:
|
||||
if((mac_valid = integrity_check(pdu))) {
|
||||
if((integrity_check(pdu))) {
|
||||
if (sec_hdr_type == LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED) {
|
||||
cipher_decrypt(pdu);
|
||||
break;
|
||||
} else {
|
||||
nas_log->error("Not handling NAS message with integrity check error\n");
|
||||
pool->deallocate(pdu);
|
||||
return;
|
||||
}
|
||||
case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED_WITH_NEW_EPS_SECURITY_CONTEXT:
|
||||
break;
|
||||
} else {
|
||||
nas_log->error("Not handling NAS message with integrity check error\n");
|
||||
pool->deallocate(pdu);
|
||||
return;
|
||||
}
|
||||
case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED_WITH_NEW_EPS_SECURITY_CONTEXT:
|
||||
break;
|
||||
default:
|
||||
nas_log->error("Not handling NAS message with SEC_HDR_TYPE=%02X\n", sec_hdr_type);
|
||||
pool->deallocate(pdu);
|
||||
|
|
Loading…
Reference in New Issue