csn1: Avoid failing if optional DownlinkDualCarrierCapability_r7 is missing

All additional release fields are considered optional, and the CSN_DESCR for Content_t already marks almost all as such, except DownlinkDualCarrierCapability_r7. It has been found that some MS transmits a MS RA Capability with a Length=61 bits where the last bit in the buffer is setting the Exist bit for DownlinkDualCarrierCapability_r7 as 1. Hence, the CSN1 decoder failed to decode the whole message because it expected to keep reading there despite there's no more bytes to read. While this is could actually be considered an MS bug, let's relax our expectancies and simply consider the case { 1 <end> } as it was { 0 }, and mark skip decoding DownlinkDualCarrierCapability_r7. That waht wireshark (packet-gsm_a_gsm.c) or pycrate do for instance. This patch itself doesn't fix the problem where actually the Exist bit is stored as 1 in the output decoded structure, but simply allows keep ongoing with decoding until the end. This issue will be fixed in a follow-up patch. Related: SYS#5552 Related: OS#4955 Related: OS#5020 Change-Id: I9a2541bd3544802a646890f32725201836abb0da
2021-10-19 16:48:16 +02:00 · 2021-10-19 16:48:16 +02:00 · ebdc0d8c17
parent 089d734cd1
commit ebdc0d8c17
6 changed files with 54 additions and 36 deletions
--- a/src/csn1.h
+++ b/src/csn1.h
@ -461,6 +461,16 @@ gint16 csnStreamEncoder(csnStream_t* ar, const CSN_DESCR* pDescr, struct bitvec
 #define M_TYPE(_STRUCT, _MEMBER, _MEMBER_TYPE)\
        {CSN_TYPE, 0, {(const void*)CSNDESCR_##_MEMBER_TYPE}, offsetof(_STRUCT, _MEMBER), FALSE, #_MEMBER, 0, NULL}

+/******************************************************************************
+ * M_TYPE_OR_NULL(Par1, Par2, Par3)
+ * Similar to the M_TYPE except that not only the request set of bits but also the
+ * end of the message may be encountered when looking for the next element in
+ * the message.
+ * Covers the case {null | 0 | 1 < IE >}
+ *****************************************************************************/
+#define M_TYPE_OR_NULL(_STRUCT, _MEMBER, _MEMBER_TYPE)\
+        {CSN_TYPE, 0, {(const void*)CSNDESCR_##_MEMBER_TYPE}, offsetof(_STRUCT, _MEMBER), TRUE, #_MEMBER, 0, NULL}
+
 /******************************************************************************
 * M_UNION(Par1, Par2)
 * Informs the CSN.1 library that a union follows and how many possible choices
--- a/src/csn1_dec.c
+++ b/src/csn1_dec.c
@ -388,22 +388,26 @@ csnStreamDecoder(csnStream_t* ar, const CSN_DESCR* pDescr, struct bitvec *vector
      {
        gint16      Status;
        csnStream_t arT = *ar;
-        LOGPC(DCSN1, LOGL_DEBUG, " : %s | ", pDescr->sz);
-        csnStreamInit(&arT, bit_offset, remaining_bits_len);
-	Status = csnStreamDecoder(&arT, (const CSN_DESCR*)pDescr->descr.ptr, vector, readIndex, pvDATA(data, pDescr->offset));
-        LOGPC(DCSN1, LOGL_DEBUG, ": End %s | ", pDescr->sz);
-        if (Status >= 0)
+        if (pDescr->may_be_null && remaining_bits_len == 0)
        {
-          remaining_bits_len  = arT.remaining_bits_len;
-          bit_offset          = arT.bit_offset;
-          pDescr++;
+          LOGPC(DCSN1, LOGL_DEBUG, " : %s = NULL | ", pDescr->sz);
+        } else {
+          LOGPC(DCSN1, LOGL_DEBUG, " : %s | ", pDescr->sz);
+          csnStreamInit(&arT, bit_offset, remaining_bits_len);
+	  Status = csnStreamDecoder(&arT, (const CSN_DESCR*)pDescr->descr.ptr, vector, readIndex, pvDATA(data, pDescr->offset));
+          LOGPC(DCSN1, LOGL_DEBUG, ": End %s | ", pDescr->sz);
+          if (Status >= 0)
+          {
+            remaining_bits_len  = arT.remaining_bits_len;
+            bit_offset          = arT.bit_offset;
+          }
+          else
+          {
+            /* Has already been processed: ProcessError("csnStreamDecoder", Status, pDescr);  */
+            return Status;
+          }
        }
-        else
-        {
-          /* Has already been processed: ProcessError("csnStreamDecoder", Status, pDescr);  */
-          return Status;
-        }
-
+        pDescr++;
        break;
      }

@ -838,21 +842,25 @@ csnStreamDecoder(csnStream_t* ar, const CSN_DESCR* pDescr, struct bitvec *vector
          {
            gint16      Status;
            csnStream_t arT = *ar;
-            LOGPC(DCSN1, LOGL_DEBUG, " : %s | ", pDescr->sz);
-            csnStreamInit(&arT, bit_offset, remaining_bits_len);
-	    Status = csnStreamDecoder(&arT, (const CSN_DESCR*)pDescr->descr.ptr, vector, readIndex, pvDATA(data, pDescr->offset));
-            LOGPC(DCSN1, LOGL_DEBUG, " : End %s | ", pDescr->sz);
-            if (Status >= 0)
+            if (pDescr->may_be_null && remaining_bits_len == 0)
            {
-              remaining_bits_len = arT.remaining_bits_len;
-              bit_offset         = arT.bit_offset;
-              pDescr++;
+              LOGPC(DCSN1, LOGL_DEBUG, " : %s = NULL | ", pDescr->sz);
+            } else {
+              LOGPC(DCSN1, LOGL_DEBUG, " : %s | ", pDescr->sz);
+              csnStreamInit(&arT, bit_offset, remaining_bits_len);
+	      Status = csnStreamDecoder(&arT, (const CSN_DESCR*)pDescr->descr.ptr, vector, readIndex, pvDATA(data, pDescr->offset));
+              LOGPC(DCSN1, LOGL_DEBUG, " : End %s | ", pDescr->sz);
+              if (Status >= 0)
+              {
+                remaining_bits_len = arT.remaining_bits_len;
+                bit_offset         = arT.bit_offset;
+              }
+              else
+              { /* return error code Has already been processed:  */
+                return Status;
+              }
            }
-            else
-            { /* return error code Has already been processed:  */
-              return Status;
-            }
-
+            pDescr++;
            break;
          }

--- a/src/gsm_rlcmac.c
+++ b/src/gsm_rlcmac.c
@ -928,7 +928,7 @@ CSN_DESCR_BEGIN       (Content_t)
  /* additions in release 7 */
  M_UINT_OR_NULL      (Content_t,  DTM_Handover_Capability,  1),
  M_NEXT_EXIST_OR_NULL(Content_t, Exist_DownlinkDualCarrierCapability_r7, 1),
-  M_TYPE              (Content_t, DownlinkDualCarrierCapability_r7, DownlinkDualCarrierCapability_r7_t),
+  M_TYPE_OR_NULL      (Content_t, DownlinkDualCarrierCapability_r7, DownlinkDualCarrierCapability_r7_t),

  M_UINT_OR_NULL      (Content_t,  FlexibleTimeslotAssignment,  1),
  M_UINT_OR_NULL      (Content_t,  GAN_PS_HandoverCapability,  1),
--- a/tests/rlcmac/RLCMACTest.cpp
+++ b/tests/rlcmac/RLCMACTest.cpp
@ -806,14 +806,14 @@ MS Radio Access Capability
 	printf("=== Test decoding of MS RA Capability 4===\n");
 	rc = decode_gsm_ra_cap(bv_dec, &data);
 	printf("decode_gsm_ra_cap() returns %d\n", rc);
-	OSMO_ASSERT(rc == -5); /* FIXME: should be 0 */
+	OSMO_ASSERT(rc == 0);

 	/* Make sure there's 3 values */
-	OSMO_ASSERT(data.Count_MS_RA_capability_value == 0); /* FIXME: should be 3 */
+	OSMO_ASSERT(data.Count_MS_RA_capability_value == 3);

 	/* Make sure GPRS / EGPRS multislot class is parsed correctly */
-	printf("GPRS multislot class = %u\n", get_ms_class_by_capability(&data)); /* FIXME: should be 12 */
-	printf("EGPRS multislot class = %u\n", get_egprs_ms_class_by_capability(&data)); /* FIXME: should be 12 */
+	printf("GPRS multislot class = %u\n", get_ms_class_by_capability(&data));
+	printf("EGPRS multislot class = %u\n", get_egprs_ms_class_by_capability(&data));

 	bitvec_free(bv_dec);
 }
--- a/tests/rlcmac/RLCMACTest.err
+++ b/tests/rlcmac/RLCMACTest.err
--- a/tests/rlcmac/RLCMACTest.ok
+++ b/tests/rlcmac/RLCMACTest.ok
@ -214,6 +214,6 @@ decode_egprs_pkt_ch_req(0x6f9) returns 0
 decode_egprs_pkt_ch_req(0x7ea) returns -8
 *** testRAcap4 ***
 === Test decoding of MS RA Capability 4===
-decode_gsm_ra_cap() returns -5
-GPRS multislot class = 0
-EGPRS multislot class = 0
+decode_gsm_ra_cap() returns 0
+GPRS multislot class = 12
+EGPRS multislot class = 12