Attention is currently required from: canghaiwuhen, laforge.

fixeria has uploaded a new patch set (#19) to the change originally created by canghaiwuhen. ( https://gerrit.osmocom.org/c/osmo-sgsn/+/42050?usp=email )

The following approvals got outdated and were removed: Verified+1 by Jenkins Builder

Change subject: gprs_sm: gsm48_tx_gsm_act_pdp_acc(): fix QoS profile length ......................................................................

gprs_sm: gsm48_tx_gsm_act_pdp_acc(): fix QoS profile length

The Activate PDP Context Accept was always sending sizeof(default_qos) (14 bytes) as the QoS profile length, regardless of what the UE requested. Older modules such as the Air20X may crash and restart during PDP attachment because of that.

In GTP, qos_req.l encodes 1 ARP byte followed by the QoS profile octets, so (qos_req.l - 1) is the actual profile length. Mirror back the same QoS profile length the UE sent in its request, capped at sizeof(default_qos) to avoid overrunning the default_qos buffer. This matters in particular for R97/R98 UEs that send a 3-byte QoS profile and should not receive a 14-byte response.

Change-Id: I11c24b64f0e49cf80c825969dbf018b2948d855c Related: OS#6922 --- M src/sgsn/gprs_sm.c 1 file changed, 10 insertions(+), 1 deletion(-)

git pull ssh://gerrit.osmocom.org:29418/osmo-sgsn refs/changes/50/42050/19