Bug #2864
closed
OsmoMSC is crashing/asserting if IMSI length too long
20%
Description
When we send an ID RESPONSE with IMSI longer than 15 digits, OsmoMSC will crash/abort as follows:
Assert failed bcd_len <= sizeof(bcd_buf) gsup.c:494
backtrace() returned 25 addresses
/usr/local/stow/libosmocore/lib/libosmogsm.so.8(osmo_gsup_encode+0x1183) [0x7efd0bbf0163]
See attached pcap file.
Checklist
- add ttcn-3 testcase
- fix actual bug by verifying length in MM before hitting GSUP
Updated by msuraev about 6 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 10
Related gerrit 6009 was sent for review.
Updated by msuraev about 6 years ago
- % Done changed from 10 to 20
Related gerrit 6197, 6009 are merged, 6010 is under review.
Updated by laforge about 6 years ago
On Mon, Feb 05, 2018 at 03:38:12PM +0000, msuraev [REDMINE] wrote:
> Is there some way to trigger this crash easily?
Just send a too long IMSI from any of the TTCN3 test cases.
Updated by msuraev about 6 years ago
- Status changed from In Progress to Stalled
Related gerrit 6388, 6460, 6475, 6484 are under review. Alternatively/in addition to it we should implement this in TTCN3.
Updated by stsp almost 6 years ago
Note that overlong IMSIs are currently still being accepted by osmo-msc and are silently truncated.
This behaviour does not seem reasonable. I have proposed a patch at https://gerrit.osmocom.org/#/c/osmo-msc/+/9739
Updated by stsp almost 6 years ago
Updated by stsp over 5 years ago
- Checklist item add ttcn-3 testcase set to Done
- Checklist item fix actual bug by verifying length in MM before hitting GSUP set to Done
Updated by stsp over 5 years ago
- Status changed from In Progress to Resolved
Above patches have been merged.
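The check this ticket asks for, as an added example that is not code from OsmoMSC, libosmocore or the merged patches: validate the IMSI digit string when it is received and reject it, rather than truncating it or letting an encoder with a fixed BCD buffer assert. The names `imsi_is_valid`, `imsi_to_bcd`, `IMSI_MAX_DIGITS` and `BCD_BUF_LEN` are hypothetical, the swapped-nibble packing with a 0xF filler is an assumed stand-in for the real encoder, and the sample IMSIs are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IMSI_MAX_DIGITS 15                      /* limit named in the ticket */
#define BCD_BUF_LEN ((IMSI_MAX_DIGITS + 1) / 2) /* 8 octets hold 15 digits */

/* Return 1 only for a non-empty string of at most 15 decimal digits.
 * Stops scanning at the 16th character, so unterminated-looking input
 * cannot make the check itself run long. */
static int imsi_is_valid(const char *imsi)
{
    size_t n = 0;
    if (!imsi)
        return 0;
    for (; imsi[n] != '\0'; n++) {
        if (n >= IMSI_MAX_DIGITS || !isdigit((unsigned char)imsi[n]))
            return 0;
    }
    return n > 0;
}

/* Pack digits two per octet (first digit in the low nibble, 0xF filler
 * for an odd count). Returns octets written, or -1 on invalid input or
 * a too-small buffer: an error the caller can handle, not an assert. */
static int imsi_to_bcd(uint8_t *out, size_t out_len, const char *imsi)
{
    size_t n = 0, octets;
    if (!out || !imsi_is_valid(imsi))
        return -1;
    while (imsi[n] != '\0')
        n++;
    octets = (n + 1) / 2;
    if (octets > out_len)
        return -1;
    for (size_t i = 0; i < octets; i++) {
        uint8_t lo = (uint8_t)(imsi[2 * i] - '0');
        uint8_t hi = (2 * i + 1 < n) ? (uint8_t)(imsi[2 * i + 1] - '0') : 0xF;
        out[i] = (uint8_t)((hi << 4) | lo);
    }
    return (int)octets;
}

int main(void)
{
    uint8_t buf[BCD_BUF_LEN];
    printf("15 digits: %d\n", imsi_to_bcd(buf, sizeof(buf), "001010123456789"));
    printf("16 digits: %d\n", imsi_to_bcd(buf, sizeof(buf), "0010101234567890"));
    return 0;
}
```

Placing the check where the identity is first parsed means the overlong value is refused at the protocol boundary and never reaches code that assumes a bounded length.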