Hi,
currently, when OpenBSC receives any mobile originated Supplementary Service request, it always treats it as a USSD request (because the only SS it supports is a USSD request for sending back the extension of the subscriber).
What I think the code in handle_rcv_ussd is meant to be doing is:
If the request contained a USSD string, and if that string is equal to "*#100#", return the subscriber extension. In all other cases reject the request with "unrecognized component".
But currently it returns the extension even when the SS request wasn't even a USSD request.
That causes several phones with Qualcomm baseband to hang and reboot after a while because in some situations they send an interrogateSS request to query if any call forwardings are active and cannot handle the wrong answer they receive.
(Strangely, that happens with most "modern" HTC phones I have tried right after logging into the network, rendering them completely useless for use with OpenBSC)
Here is a patch:
--- a/openbsc/src/libmsc/ussd.c +++ b/openbsc/src/libmsc/ussd.c @@ -54,7 +54,7 @@ int handle_rcv_ussd(struct gsm_subscriber_connection *conn, struct msgb *msg) if (req.text[0] == 0xFF) /* Release-Complete */ return 0;
- if (strstr(USSD_TEXT_OWN_NUMBER, req.text) != NULL) { + if (strcmp(USSD_TEXT_OWN_NUMBER, (const char *) req.text) == 0) { DEBUGP(DMM, "USSD: Own number requested\n"); rc = send_own_number(conn, msg, &req); } else {
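Review bot: strcmp() on the changed line reads req.text until it finds a NUL byte, and the cast to (const char *) together with the 0xFF test just above suggests req.text is a byte buffer filled from the decoded request, so please confirm that the decoder always terminates it, or use a comparison bounded by the buffer size. A short comment above the condition saying why an exact match is required (the description says every other SS request must be rejected with "unrecognized component") would also keep the argument order and the exact-match intent from being undone later.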
-Tobias
Tobias Engel wrote:
Strangely, that happens with most "modern" HTC phones I have tried right after logging into the network, rendering them completely useless for use with OpenBSC
Confirm. Many HTC phones had problems both at camp and congress.
+++ b/openbsc/src/libmsc/ussd.c @@ -54,7 +54,7 @@ int handle_rcv_ussd(struct gsm_subscriber_connection *conn, struct msgb *msg) if (req.text[0] == 0xFF) /* Release-Complete */ return 0;
if (strstr(USSD_TEXT_OWN_NUMBER, req.text) != NULL) {
if (strcmp(USSD_TEXT_OWN_NUMBER, (const char *) req.text) == 0) {
Yay! I hope it gets included soon!
//Peter
Hi Tobias,
thanks for your bug analysis and patch. However, I don't really see how
if (strstr(USSD_TEXT_OWN_NUMBER, req.text) != NULL) {
if (strcmp(USSD_TEXT_OWN_NUMBER, (const char *) req.text) == 0) {
will fix it. What other SS operations include a *#100# in them, so the old code would match on them?
Thanks!
Hi Harald,
thanks for your bug analysis and patch. However, I don't really see how
if (strstr(USSD_TEXT_OWN_NUMBER, req.text) != NULL) {
if (strcmp(USSD_TEXT_OWN_NUMBER, (const char *) req.text) == 0) {
will fix it. What other SS operations include a *#100# in them, so the old code would match on them?
no, the old code matches any _substring_ of "*#100#", including the empty string (which is the case if it was a non-USSD-SS operation).
(In strstr, a substring of the second parameter is searched for in the first parameter.)
If it would have been
if (strstr(req.text, USSD_TEXT_OWN_NUMBER) != NULL) {
only strings that at least included "*#100#" would have been matched.
-Tobias
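The three checks discussed in this thread, side by side, as an added example that is not part of the original mails or of the OpenBSC source. The function names and the sample request texts are constructed for illustration, and USSD_TEXT_OWN_NUMBER is assumed to be "*#100#" as stated in the first mail.

```c
#include <stdio.h>
#include <string.h>

/* Assumed value, taken from the description in the first mail. */
#define USSD_TEXT_OWN_NUMBER "*#100#"

/* Pre-patch check: strstr(haystack, needle) is called with the constant as
 * haystack, so the request text is searched for inside "*#100#". Any
 * substring of the constant matches, including the empty string. */
static int old_check(const char *req_text)
{
	return strstr(USSD_TEXT_OWN_NUMBER, req_text) != NULL;
}

/* Check from the patch: only the exact string matches. */
static int patched_check(const char *req_text)
{
	return strcmp(USSD_TEXT_OWN_NUMBER, req_text) == 0;
}

/* strstr() with the arguments the other way round, as mentioned in the
 * reply: matches every text that contains "*#100#" somewhere. */
static int swapped_strstr_check(const char *req_text)
{
	return strstr(req_text, USSD_TEXT_OWN_NUMBER) != NULL;
}

int main(void)
{
	/* Constructed sample texts; "" stands for a non-USSD SS operation,
	 * where no USSD string was decoded. */
	static const char *samples[] = {
		"", "#", "100", "*#100#", "*#100#1", "*#06#"
	};
	size_t i;

	printf("%-12s %4s %8s %8s\n", "req.text", "old", "patched", "swapped");
	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("\"%s\"%*s %4d %8d %8d\n", samples[i],
		       (int)(10 - strlen(samples[i])), "",
		       old_check(samples[i]), patched_check(samples[i]),
		       swapped_strstr_check(samples[i]));
	return 0;
}
```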
On Fri, Feb 24, 2012 at 08:05:10PM +0100, Tobias Engel wrote:
Hi Harald,
thanks for your bug analysis and patch. However, I don't really see how
if (strstr(USSD_TEXT_OWN_NUMBER, req.text) != NULL) {
if (strcmp(USSD_TEXT_OWN_NUMBER, (const char *) req.text) == 0) {
will fix it. What other SS operations include a *#100# in them, so the old code would match on them?
no, the old code matches any _substring_ of "*#100#", including the empty string (which is the case if it was a non-USSD-SS operation).
doh! It probably shows that I don't remember having ever used strstr() in any program myself...
patch applied.
On 02/24/2012 03:54 PM, Harald Welte wrote:
Hi Tobias,
thanks for your bug analysis and patch. However, I don't really see how
if (strstr(USSD_TEXT_OWN_NUMBER, req.text) != NULL) {
if (strcmp(USSD_TEXT_OWN_NUMBER, (const char *) req.text) == 0) {
the old code got strstr the wrong way.. needle and the haystack are mixed up...
hmm, this explains why a call forward query (no USSD) always caused to get a reply with own number.