Change in libosmocore[master]: gprs_ns2: sgsn: free the NSE if the SIZE PDU is not valid

lynxis lazus gerrit-no-reply at lists.osmocom.org
Sat Jun 12 22:32:09 UTC 2021


lynxis lazus has uploaded this change for review. ( https://gerrit.osmocom.org/c/libosmocore/+/24650 )


Change subject: gprs_ns2: sgsn: free the NSE if the SIZE PDU is not valid
......................................................................

gprs_ns2: sgsn: free the NSE if the SIZE PDU is not valid

The SGSN fsm should be freed when becoming invalid instead of going
into the unconfigured state. The unconfigured states should be only used
when creating the NSE (on the SGSN side).

Change-Id: Ife889091ecba4180a90743deb786767008fe863d
---
M src/gb/gprs_ns2_sns.c
1 file changed, 14 insertions(+), 0 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/50/24650/1

diff --git a/src/gb/gprs_ns2_sns.c b/src/gb/gprs_ns2_sns.c
index c2d5a96..78c0e26 100644
--- a/src/gb/gprs_ns2_sns.c
+++ b/src/gb/gprs_ns2_sns.c
@@ -2242,12 +2242,16 @@
 		    !TLVP_PRES_LEN(tp, NS_IE_MAX_NR_NSVC, 2)) {
 			cause = NS_CAUSE_MISSING_ESSENT_IE;
 			ns2_tx_sns_size_ack(gss->sns_nsvc, &cause);
+			if (fi->state == GPRS_SNS_ST_UNCONFIGURED)
+				sns_failed(fi, "Rx Size: Missing Enssential IE");
 			break;
 		}
 		if (!TLVP_PRES_LEN(tp, NS_IE_IPv4_EP_NR, 2) &&
 		    !TLVP_PRES_LEN(tp, NS_IE_IPv6_EP_NR, 2)) {
 			cause = NS_CAUSE_MISSING_ESSENT_IE;
 			ns2_tx_sns_size_ack(gss->sns_nsvc, &cause);
+			if (fi->state == GPRS_SNS_ST_UNCONFIGURED)
+				sns_failed(fi, "Rx Size: Missing Enssential IE");
 			break;
 		}
 		if (TLVP_PRES_LEN(tp, NS_IE_IPv4_EP_NR, 2))
@@ -2271,6 +2275,8 @@
 			else
 				cause = NS_CAUSE_INVAL_NR_IPv6_EP;
 			ns2_tx_sns_size_ack(gss->sns_nsvc, &cause);
+			if (fi->state == GPRS_SNS_ST_UNCONFIGURED)
+				sns_failed(fi, "Rx Size: Invalid Nr of IPv4/IPv6 EPs");
 			break;
 		}
 		/* ensure number of NS-VCs is sufficient for full mesh */
@@ -2281,6 +2287,8 @@
 				 num_remote_eps, num_local_eps * num_remote_eps, gss->num_max_nsvcs);
 			cause = NS_CAUSE_INVAL_NR_NS_VC;
 			ns2_tx_sns_size_ack(gss->sns_nsvc, &cause);
+			if (fi->state == GPRS_SNS_ST_UNCONFIGURED)
+				sns_failed(fi, NULL);
 			break;
 		}
 		/* perform state reset, if requested */
@@ -2305,6 +2313,12 @@
 			}
 			ns2_sns_compute_local_ep_from_binds(fi);
 		}
+
+		if (fi->state == GPRS_SNS_ST_UNCONFIGURED && !(flag & 1)) {
+			sns_failed(fi, "Rx Size without Reset flag, but NSE is unknown");
+			break;
+		}
+
 		/* send SIZE_ACK */
 		ns2_tx_sns_size_ack(gss->sns_nsvc, NULL);
 		/* only wait for SNS-CONFIG in case of Reset flag */

-- 
To view, visit https://gerrit.osmocom.org/c/libosmocore/+/24650
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: Ife889091ecba4180a90743deb786767008fe863d
Gerrit-Change-Number: 24650
Gerrit-PatchSet: 1
Gerrit-Owner: lynxis lazus <lynxis at fe80.eu>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20210612/52955c4f/attachment.htm>


More information about the gerrit-log mailing list