Change in osmo-sgsn[master]: gbproxy: Fix abort during APN patch

daniel gerrit-no-reply at lists.osmocom.org
Mon Nov 26 10:47:35 UTC 2018


daniel has submitted this change and it was merged. ( https://gerrit.osmocom.org/11889 )

Change subject: gbproxy: Fix abort during APN patch
......................................................................

gbproxy: Fix abort during APN patch

gbproxy process was aborted with following message during APN patching:
<000e> gb_proxy_patch.c:129 Patching ACT_PDP_REQ to SGSN: Replacing APN 'foo' -> 'bar'
msgb(0x5555558797d0): Sub area is not fully contained in the msg data

During osmo-sgsn 107fb59e84b12bbf6bdfdd4fc241dbcda7332706 old copy of
gprs_msgb_resize_area was replaced by more modern libosmocore version
called msgb_resize_area. They are mostly identical but the later has
some extra verification asserts. One of this asserts was triggering the
process abort, but the bug has always been there as far as I could see
in git history.

The assert triggers because the bssgp buffer and parse_ctx point to
"stored_msg", while the data buffer comes from a different msbg "msg",
which is clearly wrong behavior.

In the modified line, "msg" (the one which provided the imsi now already
stored in link_info through gbproxy_update_link_state_ul()->gbproxy_assign_imsi())
is really not needed anymore, and we want to patch the stored msg going
to be forwarded.

Related: SYS#4397
Change-Id: I7226fc5bcfbf58c349431d0a39cdb904fefd9e9c
---
M src/gprs/gb_proxy.c
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Harald Welte: Looks good to me, but someone else must approve
  daniel: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/src/gprs/gb_proxy.c b/src/gprs/gb_proxy.c
index fe6a6c6..85c3c47 100644
--- a/src/gprs/gb_proxy.c
+++ b/src/gprs/gb_proxy.c
@@ -348,7 +348,7 @@
 		gprs_gb_parse_bssgp(msgb_bssgph(stored_msg),
 				    msgb_bssgp_len(stored_msg),
 				    &tmp_parse_ctx);
-		gbproxy_patch_bssgp(msg, msgb_bssgph(stored_msg),
+		gbproxy_patch_bssgp(stored_msg, msgb_bssgph(stored_msg),
 				    msgb_bssgp_len(stored_msg),
 				    peer, link_info, &len_change,
 				    &tmp_parse_ctx);

-- 
To view, visit https://gerrit.osmocom.org/11889
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-sgsn
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I7226fc5bcfbf58c349431d0a39cdb904fefd9e9c
Gerrit-Change-Number: 11889
Gerrit-PatchSet: 2
Gerrit-Owner: Pau Espin Pedrol <pespin at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder (1000002)
Gerrit-Reviewer: Pau Espin Pedrol <pespin at sysmocom.de>
Gerrit-Reviewer: daniel <dwillmann at sysmocom.de>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20181126/3ab08fcd/attachment.html>


More information about the gerrit-log mailing list