sms: Avoid infinite CP-ERROR/CP-ACK loop with sms.

The issue can be reproduced by typing the following 9 or more times. OpenBSC> subscriber id 2 sms sender id 2 send bla For some unknown reason the phone sends us a CP-ERROR for a transaction identifier we have allocated and used but don't remember. Due the way we use the SMC/SMR we 'establish' the machine and this results in a CP-ACK being sent out. But the CP-ERROR is not having the content we want for an establish so we send out a RP-ERROR. This will result in a CP-ERROR because the phone does not know the transaction... Avoid the issue by checking the direction of the transaction. If we do not know the transaction and it is supposed to be allocated by us then just ignore it and do not create a new transaction.
2013-01-13 16:23:36 +01:00 · 2013-01-13 16:23:36 +01:00 · ba36bf4c5d
parent 30a3d2f0fe
commit ba36bf4c5d
1 changed files with 12 additions and 0 deletions
--- a/openbsc/src/libmsc/gsm_04_11.c
+++ b/openbsc/src/libmsc/gsm_04_11.c
@ -762,6 +762,18 @@ int gsm0411_rcv_sms(struct gsm_subscriber_connection *conn,
 	DEBUGP(DLSMS, "receiving data (trans_id=%x)\n", transaction_id);
 	trans = trans_find_by_id(conn->subscr, GSM48_PDISC_SMS,
 				 transaction_id);
+
+	/*
+	 * A transaction we created but don't know about?
+	 */
+	if (!trans && (transaction_id & 0x8) == 0) {
+		LOGP(DLSMS, LOGL_ERROR, "trans_id=%x allocated by us but known "
+			"to us anymore. We are ignoring it, maybe a CP-ERROR "
+			"from a MS?\n",
+			transaction_id);
+		return -EINVAL;
+	}
+
 	if (!trans) {
 		DEBUGP(DLSMS, " -> (new transaction)\n");
 		trans = trans_alloc(conn->subscr, GSM48_PDISC_SMS,