Commit 05567b59 authored by Vijay Chadachan's avatar Vijay Chadachan

Fix for OAI UE AUTH_REQ processing additional check for RAND value

It was observed in simulation test the OAI UE always sends the sucessful
AUTH_RES when the AUTH_REQ has the RAND value "0". This opens a back door
in the authentication process.

The code is modified to fix this issue in OAI UE.
parent 4c4cbc96
......@@ -149,7 +149,8 @@ int emm_proc_authentication_request(nas_user_t *user, int native_ksi, int ksi,
int rc = RETURNerror;
authentication_data_t *authentication_data = user->authentication_data;
emm_timers_t *emm_timers = user->emm_data->emm_timers;
uint8_t nullRand[AUTH_CK_SIZE];
memset(nullRand, 0, AUTH_CK_SIZE);
LOG_TRACE(INFO, "EMM-PROC - Authentication requested ksi type = %s, ksi = %d", native_ksi ? "native" : "mapped", ksi);
/* 3GPP TS 24.301, section 5.4.2.1
......@@ -178,11 +179,13 @@ int emm_proc_authentication_request(nas_user_t *user, int native_ksi, int ksi,
OctetString ik = {AUTH_IK_SIZE, authentication_data->ik};
OctetString res = {AUTH_RES_SIZE, authentication_data->res};
if (memcmp(authentication_data->rand, rand->value, AUTH_CK_SIZE) != 0) {
if ((memcmp(authentication_data->rand, rand->value, AUTH_CK_SIZE) != 0) ||
(memcmp(nullRand,authentication_data->rand, AUTH_CK_SIZE) == 0)) {
/*
* There is no valid stored RAND in the ME or the stored RAND is
* different from the new received value in the AUTHENTICATION
* REQUEST message
* REQUEST message OR the received RAND is all "0" or "NULL"
* process the new received AUTHENTICATIOn REQUEST message
*/
OctetString auts;
auts.length = 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment