This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
fixeria gerrit-no-reply at lists.osmocom.orgHello laforge, Jenkins Builder, I'd like you to reexamine a change. Please visit https://gerrit.osmocom.org/c/osmo-msc/+/16683 to look at the new patch set (#3). Change subject: libmsc/gsm_04_08.c: fix: verify MI before calling vlr_subscr_rx_id_resp() ...................................................................... libmsc/gsm_04_08.c: fix: verify MI before calling vlr_subscr_rx_id_resp() During the last congress, we have noticed that OsmoMSC crashes on receipt of malformed MM Identity Response messages: BSSAP Message Type: Direct Transfer (0x01) Data Link Connection Identifier 00.. .... = Control Channel: not further specified (0x0) ..00 0... = Spare: 0x0 .... .000 = SAPI: RR/MM/CC (0x0) Length: 11 GSM A-I/F DTAP - Identity Response Protocol Discriminator: Mobility Management messages (5) .... 0101 = Protocol discriminator: Mobility Management messages (0x5) 0000 .... = Skip Indicator: No indication of selected PLMN (0) 01.. .... = Sequence number: 1 ..01 1001 = DTAP Mobility Management Message Type: Identity Response (0x19) Mobile Identity - Format Unknown Length: 8 .... 1... = Odd/even indication: Odd number of identity digits .... .111 = Mobile Identity Type: Unknown (7) <-- This makes OsmoMSC crash [Expert Info (Warning/Protocol): Unknown format 7] [Unknown format 7] [Severity level: Warning] [Group: Protocol] The value '111'B is not a valid Mobile Identity type, and shall be considered as reserved according to 3GPP TS 24.008, section 10.5.1.4. Later on it was discovered that '000'B also crashes OsmoMSC in the same way. The crash itself is provoked by OSMO_ASSERT(0) in vlr_subscr_rx_id_resp(). Let's keep that assert in there, and make sure that: - on receipt of MM Identity Response, Mobile Identity type matches the one in MM Identity Request; - on receipt of RR Ciphering Mode Complete, Mobile Identity contains IMEI(SV) if present. Change-Id: Ica4c90b8eb4d90325313c6eb400fa4a6bc5df825 TTCN-3 test case: I62f23355eb91df2edf9dc837c928cb86b530b743 Fixes: OS#4340 --- M include/osmocom/msc/msc_a.h M src/libmsc/gsm_04_08.c 2 files changed, 39 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/83/16683/3 -- To view, visit https://gerrit.osmocom.org/c/osmo-msc/+/16683 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-msc Gerrit-Branch: master Gerrit-Change-Id: Ica4c90b8eb4d90325313c6eb400fa4a6bc5df825 Gerrit-Change-Number: 16683 Gerrit-PatchSet: 3 Gerrit-Owner: fixeria <axilirator at gmail.com> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria <axilirator at gmail.com> Gerrit-Reviewer: laforge <laforge at osmocom.org> Gerrit-CC: pespin <pespin at sysmocom.de> Gerrit-MessageType: newpatchset -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20200103/2e993ea2/attachment.htm>