fixeria has uploaded this change for review.
fixup: sgsn: fix unused param in f_routing_area_update()

In 1ee1edd2 I changed f_routing_area_update() to actually use the
given RAI as Old RAI in the Routing Area Update Request. Not only
did this break the testcase scenario (Old RAI shall remain unchanged!),
but it also started triggering a use-after-free bug in osmo-sgsn.

Passing 'ran_index := 1' is enough for the second Routing Area Update
Request to show up with a different RAI (at BSSGP level), however the
Old RAI IE shall obviously indicate the *old* RAI, not the new one.

A follow-up commit will add a separate testcase to reproduce the
use-after-free problem in osmo-sgsn.

Change-Id: Ib16985cb08834a238ca4f7a747c43097f430ed6f
Fixes: 1ee1edd2 "sgsn: fix unused param in f_routing_area_update()"
Related: OS#6439
---
M sgsn/SGSN_Tests.ttcn
1 file changed, 24 insertions(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/13/36613/1
diff --git a/sgsn/SGSN_Tests.ttcn b/sgsn/SGSN_Tests.ttcn
index 67e815b..0371e29 100644
--- a/sgsn/SGSN_Tests.ttcn
+++ b/sgsn/SGSN_Tests.ttcn
@@ -2734,7 +2734,7 @@
f_bssgp_client_register(g_pars.imsi, g_pars.tlli, BSSGP_PROC[1]);
log("sending second RAU via different RA");
- f_routing_area_update(f_cellid_to_RAI(g_pars.bssgp_cell_id[1]), ran_index := 1);
+ f_routing_area_update(old_ra := g_pars.ra, ran_index := 1);
f_detach_mo(c_GMM_DTT_MO_GPRS, true, true, 1);
}
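Review bot: The new call "f_routing_area_update(old_ra := g_pars.ra, ran_index := 1);" carries no comment explaining why the Old RAI is deliberately g_pars.ra even though the log line just above it says the RAU goes via a different RA. Since 1ee1edd2 got exactly this wrong, a one-line comment at this call would help: the Old RAI IE must stay the previous RA, and the different RAI is conveyed only at BSSGP level through ran_index := 1. It is also worth confirming that g_pars.ra still holds the RA from before this second RAU at this point in the testcase, since nothing in the visible lines shows where it is set. The diffstat reports 24 insertions, but only this one-line change is visible here, so the remaining additions cannot be reviewed from this hunk.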
To view, visit change 36613.