From d8c2f31a87c373b2137a04c18b3744c1295c0a03 Mon Sep 17 00:00:00 2001
From: Neels Hofmeyr
Date: Mon, 24 Oct 2022 00:40:56 +0200
Subject: [PATCH] AMR->IuUP: do not crash on AMR data before IuUP Init
When translating AMR to IuUP, when AMR data arrives before the IuUP side has negotiated an IuUP Initialization, do not crash osmo-mgw, but return failure and drop the AMR packet. As soon as IuUP Initialization occured and RFCIs are defined, the AMR starts to pass through to the IuUP side.
Related: SYS#5092
Change-Id: Id9efb7e523d8d9af988e4bf4f5e925839204f934
---
 src/libosmo-mgcp/mgcp_iuup.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/libosmo-mgcp/mgcp_iuup.c b/src/libosmo-mgcp/mgcp_iuup.c
index 90021f39d..15d674d55 100644
--- a/src/libosmo-mgcp/mgcp_iuup.c
+++ b/src/libosmo-mgcp/mgcp_iuup.c
@@ -98,7 +98,11 @@ static int8_t _conn_iuup_amr_ft_2_rfci(struct mgcp_conn_rtp *conn_rtp, uint8_t f
 uint8_t rfci_cnt = 0;
 unsigned match_bytes = (unsigned)osmo_amr_bytes(ft);
 struct osmo_iuup_rnl_prim *irp = conn_rtp->iuup.init_ind;
- OSMO_ASSERT(irp);
+ if (!irp) {
+ /* No IuUP Initialization has occured on the IuUP side yet. Return error and drop the RTP data, until
+ * the IuUP Initialization has configured the link. */
+ return -1;
+ }
 /* TODO: cache this somehow */
 for (i = 0; i < ARRAY_SIZE(irp->u.status.u.initialization.rfci); i++) {
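Review bot: The new `if (!irp)` branch drops the packet silently, so AMR arriving before IuUP Initialization leaves no trace for an operator. Packet timing from the network decides whether this path is taken (it was a reachable `OSMO_ASSERT` before), so a rate-limited log line or a counter here would make the drops observable without letting a peer flood the log. The caller is outside the hunk: it is worth confirming that it checks the `int8_t` result for `< 0` before using it as an RFCI, since a -1 converted to `uint8_t` becomes 255. The added comment also has a typo; I would write `/* No IuUP Initialization has occurred on the IuUP side yet: drop the RTP data until it has configured the link. */`. The function body starts before and continues past this hunk.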