From 09fa52468edb5791dbbeb037591ea54fe4c197dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20Kj=C3=A4ll?= <alexander.kjall@gmail.com>
Date: Wed, 21 Jan 2015 19:09:19 +0100
Subject: [PATCH] Update GPRS attach according to 3GPP TS 24.008 version 12.8.0
 Release 12 (section 9.4.1)

---
 SGSNGGSN/GPRSL3Messages.cpp | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/SGSNGGSN/GPRSL3Messages.cpp b/SGSNGGSN/GPRSL3Messages.cpp
index 62f1ccd5..ad265d57 100644
--- a/SGSNGGSN/GPRSL3Messages.cpp
+++ b/SGSNGGSN/GPRSL3Messages.cpp
@@ -367,6 +367,22 @@ void GMMAttach::gmParseIEs(L3GmmFrame &src, size_t &rp, const char *culprit)
 			mTmsiStatus = iei & 1;
 			continue;
 		}
+        if ((iei & 0xf0) == 0xd0) {
+            // 10.5.7.8 Device properties. Ignore for now
+            continue;
+        }
+        if ((iei & 0xf0) == 0xe0) {
+            // 10.5.5.29 P-TMSI type. Ignore for now
+            continue;
+        }
+        if ((iei & 0xf0) == 0xc0) {
+            // 10.5.1.15 MS network feature support. Ignore for now
+            continue;
+        }
+        if ((iei & 0xf0) == 0xf0) {
+            // 10.5.5.0 Additional update type. Ignore for now
+            continue;
+        }
 		switch (iei) {
 		case 0x19:	// TV Old P-TMSI signature.
 			// Dont have a 3 byte 'read' function so use getField then advance rp by 3.
@@ -385,6 +401,10 @@ void GMMAttach::gmParseIEs(L3GmmFrame &src, size_t &rp, const char *culprit)
 		// The specified length is of the ie itself, excluding the iei type and length byte.
 		// Get the length, but dont move rp - let the IEs do that, because
 		// some of them need the length byte.
+		if (rp >= src.size()) {
+			SGSNERROR("invalid message size in "<<culprit <<" bytes="<<src.hexstr());
+			return;
+		}
 		int len = src.getByte(rp);
 		size_t nextrp = rp + len + 1;
 		if (nextrp > src.size()) {	// last one will have nextrp == src.size()