cellular-infrastructure
/
osmo-bsc
mirror of https://gerrit.osmocom.org/osmo-bsc
9
0
Fork 0
Code Issues Releases Wiki Activity

bsc: Fix crash if PagingResponse with invalid MobileIdentity is received 

It was found in a BSC on the field that an MS sending an incorrect
MobileIdentity IE (wrong length) in PagingResponse was generating a
crash on the BSC.

When the MobileIdentity cannot be parsed right now we keep on instead of
rejecting the conn. This should change in the future, but it needs
further improvements in our TTCN3 tests. For now let's simply validate
the subscriber is not NULL; since recently paging optimizations made
paging_request_stop() require the subscriber to be non-null.

Fixes: 27cb5d3e24
Related: SYS#6280
Change-Id: If8b439ff74c5dd690d637d3e3278c75d6cd6b928
This commit is contained in:
Pau Espin 2023-01-02 16:55:05 +01:00
parent 6c2798c5ce
commit 6cc5f08eb8
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/osmo-bsc/gsm_08_08.c
View File

@ -440,7 +440,8 @@ int bsc_compl_l3(struct gsm_lchan *lchan, struct msgb *msg, uint16_t chosen_chan
paged_from_msc = NULL;
paging_reasons = BSC_PAGING_NONE;
if (pdisc == GSM48_PDISC_RR && mtype == GSM48_MT_RR_PAG_RESP) {
paging_request_stop(&paged_from_msc, &paging_reasons, bts, conn->bsub);
if (conn->bsub)
paging_request_stop(&paged_from_msc, &paging_reasons, bts, conn->bsub);
if (!paged_from_msc) {
/* This looks like an unsolicited Paging Response. It is required to pick any MSC, because any
* MT-CSFB calls were Paged by the MSC via SGs, and hence are not listed in the BSC. */