Actions
Bug #2871
closedOsmoMSC crashes if BSSMAP CIPHER MODE COMPLETE has no L3 Message IE
Start date:
01/24/2018
Due date:
% Done:
100%
Resolution:
Spec Reference:
Description
According to TS 44.008 Section 3.2.1.31, the "Layer 3 Message Contents" IE of the BSSMAP Cipher Mode Complete is optional. The BSC may hence inlcude that IE or not include it.
OsmoMSC is crashing if that IE is missing:
<000a> a_iface_bssap.c:699 Rx BSC DT: 00 03 55 2c 02 <000a> a_iface_bssap.c:629 Rx MSC DT1 BSSMAP CIPHER MODE COMPLETE <001f> a_iface_bssap.c:91 Found A subscriber for conn_id 1 <000a> a_iface_bssap.c:415 BSC sends cipher mode complete (conn_id=1) ==5611== Invalid read of size 8 ==5611== at 0x128D0F: msc_cipher_mode_compl (osmo_msc.c:159) ==5611== by 0x114F62: bssmap_rx_ciph_compl.isra.8 (a_iface_bssap.c:432) ==5611== by 0x113267: sccp_sap_up (a_iface.c:520) ==5611== by 0x56D3C8E: _osmo_fsm_inst_dispatch (fsm.c:450) ==5611== by 0x5D5D9D4: sccp_scoc_rx_from_scrc (sccp_scoc.c:1581) ==5611== by 0x5D5B6CA: scrc_rx_mtp_xfer_ind_xua (sccp_scrc.c:449) ==5611== by 0x5D5E5A4: mtp_user_prim_cb (sccp_user.c:176) ==5611== by 0x5D563E2: m3ua_rx_xfer (m3ua.c:586) ==5611== by 0x5D563E2: m3ua_rx_msg (m3ua.c:738) ==5611== by 0x5D615A2: xua_cli_read_cb (osmo_ss7.c:1590) ==5611== by 0x70EF41A: osmo_stream_cli_read (stream.c:192) ==5611== by 0x70EF41A: osmo_stream_cli_fd_cb (stream.c:276) ==5611== by 0x56D0950: osmo_fd_disp_fds (select.c:216) ==5611== by 0x56D0950: osmo_select_main (select.c:256) ==5611== by 0x112895: main (msc_main.c:552)
Files
Updated by laforge about 6 years ago
- Category set to A interface (general)
- Status changed from New to In Progress
- % Done changed from 0 to 80
Patch in https://gerrit.osmocom.org/6034
Testcase in TC_lu_imsi_auth_tmsi_encr_13_13 in https://gerrit.osmocom.org/6046
Updated by laforge about 6 years ago
- Status changed from In Progress to Closed
- % Done changed from 80 to 100
merged.
Actions
