matanp has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-msc/+/41131?usp=email )
Change subject: vlr: Stop silent call before deduping subscribers
vlr: Stop silent call before deduping subscribers
Before this fix, a use count mismatch could be reached by:
* Completing a location updating procedure with TMSI.
* Disconnecting from the BTS.
* Starting a silent call from the MSC.
* Registering again with the same IMSI but a different TMSI.
This would cause a new subscriber to be created without the silent call use count, which in turn would cause the assert in `vlr_subscr_put` in `trans_free` to fail with a use count of -1.
Change-Id: If23f8b0e42d4a3a8bf1c8f5ca81b045834b6cccd
---
M src/libvlr/vlr.c
1 file changed, 7 insertions(+), 0 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/31/41131/1
diff --git a/src/libvlr/vlr.c b/src/libvlr/vlr.c index e90596c..c4941b4 100644 --- a/src/libvlr/vlr.c +++ b/src/libvlr/vlr.c @@ -36,6 +36,7 @@ #include <osmocom/vlr/vlr.h> #include <osmocom/gsupclient/gsup_client_mux.h> #include <osmocom/msc/paging.h> +#include <osmocom/msc/silent_call.h>
#include <netinet/in.h> #include <arpa/inet.h> @@ -643,6 +644,12 @@ if (!strcmp(vsub->imsi, imsi)) return;
+ /* If the same subscriber has silent call (probably pending) stop the silent call to prevent + * use count mismatch when freeing the transaction. */ + exists = vlr_subscr_find_by_imsi(vsub->vlr, imsi, NULL); + if (exists) + gsm_silent_call_stop(exists); + /* We've just learned about this new IMSI, our primary key in the VLR. make sure to invalidate any prior VLR * entries for this IMSI. */ exists = vlr_subscr_find_by_imsi(vsub->vlr, imsi, NULL);
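Review bot: The new #include <osmocom/msc/silent_call.h> in the first hunk ties src/libvlr/vlr.c to the MSC's silent call code for a single call site. paging.h from the same directory is already included here, so this is not a new kind of dependency, but it is worth considering whether the stop could be triggered from the MSC side before the IMSI is set, so that libvlr does not need to know about silent calls at all.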
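Review bot: In the second hunk, gsm_silent_call_stop(exists) runs for every existing entry with this IMSI, whether or not a silent call is active, so the fix relies on that function being harmless when there is nothing to stop; please confirm this or guard the call, and replace "(probably pending)" in the comment with the exact condition being handled. The lookup vlr_subscr_find_by_imsi(vsub->vlr, imsi, NULL) is also repeated with identical arguments a few lines later for the invalidation; a single lookup could serve both steps. A regression test that walks through the four steps from the commit message would keep the use count assert in vlr_subscr_put from resurfacing.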