[S] Change in osmo-ttcn3-hacks[master]: fixup: sgsn: fix unused param in f_routing_area_update()
21 Apr
2024
21 Apr
'24
3:59 p.m.
fixeria has uploaded this change for review. (
https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36613?usp=email )
Change subject: fixup: sgsn: fix unused param in f_routing_area_update()
......................................................................
fixup: sgsn: fix unused param in f_routing_area_update()
In 1ee1edd2 I changed f_routing_area_update() to actually use the
given RAI as Old RAI in the Routing Area Update Request. Not only
this broke the testcase scenario (Old RAI shall remain unchanged!),
but also started triggering a use-after-free bug in osmo-sgsn.
Passing 'ran_index := 1' is enough for the second Routing Area Update
Request to show up with a different RAI (at BSSGP level), however the
Old RAI IE shall obviously indicate the *old* RAI, not the new one.
A follow-up commit will add a separate testcase to reproduce the
use-after-free problem in osmo-sgsn.
Change-Id: Ib16985cb08834a238ca4f7a747c43097f430ed6f
Fixes: 1ee1edd2 "sgsn: fix unused param in f_routing_area_update()"
Related: OS#6439
---
M sgsn/SGSN_Tests.ttcn
1 file changed, 24 insertions(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/13/36613/1
diff --git a/sgsn/SGSN_Tests.ttcn b/sgsn/SGSN_Tests.ttcn
index 67e815b..0371e29 100644
--- a/sgsn/SGSN_Tests.ttcn
+++ b/sgsn/SGSN_Tests.ttcn
@@ -2734,7 +2734,7 @@
f_bssgp_client_register(g_pars.imsi, g_pars.tlli, BSSGP_PROC[1]);
log("sending second RAU via different RA");
- f_routing_area_update(f_cellid_to_RAI(g_pars.bssgp_cell_id[1]), ran_index := 1);
+ f_routing_area_update(old_ra := g_pars.ra, ran_index := 1);
f_detach_mo(c_GMM_DTT_MO_GPRS, true, true, 1);
}
--
To view, visit https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36613?usp=email
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings
Gerrit-Project: osmo-ttcn3-hacks
Gerrit-Branch: master
Gerrit-Change-Id: Ib16985cb08834a238ca4f7a747c43097f430ed6f
Gerrit-Change-Number: 36613
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria <vyanitskiy(a)sysmocom.de>
Gerrit-MessageType: newchange
431
days inactive
431
days old
0 comments
1 participants
participants (1)
-
fixeria