cellular-infrastructure
/
osmo-msc
mirror of https://gerrit.osmocom.org/osmo-msc
9
0
Fork 0
Code Issues Releases Wiki Activity

gsm_04_14: fix off-by-one error in create_gsm0414_msg() 

This byte is redundant, and must not be allocated in this function.
A consequence of this error is that the MS alwats interprets the
"Sub-channel" IE as test loop A regardless of the specified type.

Here is an example of malformed Close TCH loop (type C) message:

  0f 00 00 04
  x. .. .. ..  - Skip indicator (see 3GPP TS 24.007)
  .x .. .. ..  - Protocol discriminator (see 3GPP TS 24.007)
  .. xx .. ..  - Message type (CLOSE_TCH_LOOP_CMD)
  .. .. !! ..  - (!) Redundant byte from create_gsm0414_msg()
  .. .. .. xx  - (!) The actual "Sub-channel" IE (loop C, X=0)

Change-Id: Ia47225b884439dcd43be307e7351994e55fcd50d
This commit is contained in:
Vadim Yanitskiy 2020-07-29 05:28:42 +07:00
parent d9fe7110ea
commit 72e0f09c03
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libmsc/gsm_04_14.c
View File

@ -43,7 +43,7 @@ static struct msgb *create_gsm0414_msg(uint8_t msg_type)
struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.14");
struct gsm48_hdr *gh;
gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh) + 1);
gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
gh->proto_discr = GSM48_PDISC_TEST;
gh->msg_type = msg_type;
return msg;