<p>fixeria <strong>uploaded patch set #3</strong> to this change.</p><p><a href="https://gerrit.osmocom.org/c/osmo-msc/+/16683">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">libmsc/gsm_04_08.c: fix: verify MI before calling vlr_subscr_rx_id_resp()<br><br>During the last congress, we have noticed that OsmoMSC crashes<br>on receipt of malformed MM Identity Response messages:<br><br> BSSAP<br> Message Type: Direct Transfer (0x01)<br> Data Link Connection Identifier<br> 00.. .... = Control Channel: not further specified (0x0)<br> ..00 0... = Spare: 0x0<br> .... .000 = SAPI: RR/MM/CC (0x0)<br> Length: 11<br> GSM A-I/F DTAP - Identity Response<br> Protocol Discriminator: Mobility Management messages (5)<br> .... 0101 = Protocol discriminator: Mobility Management messages (0x5)<br> 0000 .... = Skip Indicator: No indication of selected PLMN (0)<br> 01.. .... = Sequence number: 1<br> ..01 1001 = DTAP Mobility Management Message Type: Identity Response (0x19)<br> Mobile Identity - Format Unknown<br> Length: 8<br> .... 1... = Odd/even indication: Odd number of identity digits<br> .... .111 = Mobile Identity Type: Unknown (7) &lt;-- This makes OsmoMSC crash<br> [Expert Info (Warning/Protocol): Unknown format 7]<br> [Unknown format 7]<br> [Severity level: Warning]<br> [Group: Protocol]<br><br>The value '111'B is not a valid Mobile Identity type, and shall be<br>considered as reserved according to 3GPP TS 24.008, section 10.5.1.4.<br>Later on it was discovered that '000'B also crashes OsmoMSC in the same way.<br><br>The crash itself is provoked by OSMO_ASSERT(0) in vlr_subscr_rx_id_resp().<br>Let's keep that assert in there, and make sure that:<br><br> - on receipt of MM Identity Response, Mobile Identity type<br> matches the one in MM Identity Request;<br><br> - on receipt of RR Ciphering Mode Complete, Mobile Identity<br> contains IMEI(SV) if present.<br><br>Change-Id: Ica4c90b8eb4d90325313c6eb400fa4a6bc5df825<br>TTCN-3 test case: I62f23355eb91df2edf9dc837c928cb86b530b743<br>Fixes: OS#4340<br>---<br>M include/osmocom/msc/msc_a.h<br>M src/libmsc/gsm_04_08.c<br>2 files changed, 39 insertions(+), 0 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/83/16683/3</pre><p>To view, visit <a href="https://gerrit.osmocom.org/c/osmo-msc/+/16683">change 16683</a>.</p>
<div style="display:none"> Gerrit-Project: osmo-msc </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: Ica4c90b8eb4d90325313c6eb400fa4a6bc5df825 </div>
<div style="display:none"> Gerrit-Change-Number: 16683 </div>
<div style="display:none"> Gerrit-PatchSet: 3 </div>
<div style="display:none"> Gerrit-Owner: fixeria &lt;axilirator@gmail.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins Builder </div>
<div style="display:none"> Gerrit-Reviewer: fixeria &lt;axilirator@gmail.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: laforge &lt;laforge@osmocom.org&gt; </div>
<div style="display:none"> Gerrit-CC: pespin &lt;pespin@sysmocom.de&gt; </div>
<div style="display:none"> Gerrit-MessageType: newpatchset </div>
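<p>An added example, not part of the original change or of OsmoMSC's code: a minimal C check of the kind the commit message describes, returning an error for an MM Identity Response whose Mobile Identity type is '000'B, '111'B or different from the requested one, so that no assert is reached. The function name, the verdict enum and the sample bytes are assumptions made for illustration.</p>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Mobile Identity type codes from 3GPP TS 24.008, section 10.5.1.4. */
enum { MI_TYPE_NONE = 0, MI_TYPE_IMSI = 1, MI_TYPE_IMEI = 2,
       MI_TYPE_IMEISV = 3, MI_TYPE_TMSI = 4, MI_TYPE_MASK = 0x07 };

enum mi_verdict { MI_OK = 0, MI_TRUNCATED, MI_BAD_TYPE, MI_TYPE_MISMATCH };

/* Hypothetical helper (name and signature are assumptions): lv points at the
 * length-prefixed Mobile Identity of an MM Identity Response, avail is the
 * number of bytes left in the message, requested is the identity type that
 * was asked for in the MM Identity Request. */
enum mi_verdict mi_verify_id_resp(const uint8_t *lv, size_t avail, uint8_t requested)
{
	if (lv == NULL || avail < 2)
		return MI_TRUNCATED;      /* need the length octet and the type octet */
	if (lv[0] < 1 || (size_t)lv[0] > avail - 1)
		return MI_TRUNCATED;      /* declared length overruns the buffer */

	switch (lv[1] & MI_TYPE_MASK) {   /* type is the low three bits */
	case MI_TYPE_IMSI: case MI_TYPE_IMEI: case MI_TYPE_IMEISV: case MI_TYPE_TMSI:
		break;
	default:   /* '000'B, '111'B and every other value this sketch does not handle */
		return MI_BAD_TYPE;
	}
	return (lv[1] & MI_TYPE_MASK) == requested ? MI_OK : MI_TYPE_MISMATCH;
}

/* Constructed samples: length 8, odd indication set, digit octets are filler. */
static const uint8_t resp_type7[] = { 0x08, 0x1f, 0x32, 0x54, 0x76, 0x98, 0x10, 0x32, 0x54 };
static const uint8_t resp_type0[] = { 0x08, 0x18, 0x32, 0x54, 0x76, 0x98, 0x10, 0x32, 0x54 };
static const uint8_t resp_imsi[]  = { 0x08, 0x19, 0x32, 0x54, 0x76, 0x98, 0x10, 0x32, 0x54 };

int main(void)
{
	printf("type 7, IMSI requested: %d\n",
	       mi_verify_id_resp(resp_type7, sizeof(resp_type7), MI_TYPE_IMSI));
	printf("type 0, IMSI requested: %d\n",
	       mi_verify_id_resp(resp_type0, sizeof(resp_type0), MI_TYPE_IMSI));
	printf("IMSI,   IMSI requested: %d\n",
	       mi_verify_id_resp(resp_imsi, sizeof(resp_imsi), MI_TYPE_IMSI));
	printf("IMSI,   IMEI requested: %d\n",
	       mi_verify_id_resp(resp_imsi, sizeof(resp_imsi), MI_TYPE_IMEI));
	return 0;
}
```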