[MERGED] libosmocore[master]: Fix malformed Abis/RSL messages with extra L3 Information field


Harald Welte gerrit-no-reply at lists.osmocom.org
Sun Dec 10 15:31:10 UTC 2017


Harald Welte has submitted this change and it was merged.

Change subject: Fix malformed Abis/RSL messages with extra L3 Information field
......................................................................


Fix malformed Abis/RSL messages with extra L3 Information field

Some Abis/RSL messages such as "Release Indication" contained 3 extra
bytes from an L3 Information header which should not be there according
to specs in GSM 08.58 (section 8.3 "Radio link layer management
messages"). Other RSL messages were affected by the same issue, except
for "Establish Indication", which had already a workaround in
send_rslms_dlsap.

This commit fixes the issue in a generic way, removes the "Establish
Indication" and fixes the test accounting for the bug, as it otherwise
fails after applying the changes.

Fixes: OS#1635, OS#2336

Change-Id: Ibb116214e8b1798d65a8b0917150496a3c14f344
---
M src/gsm/lapd_core.c
M src/gsm/lapdm.c
M tests/lapd/lapd_test.c
M tests/lapd/lapd_test.ok
4 files changed, 3 insertions(+), 16 deletions(-)

Approvals:
  Max: Looks good to me, but someone else must approve
  Harald Welte: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/src/gsm/lapd_core.c b/src/gsm/lapd_core.c
index 4847626..5d87154 100644
--- a/src/gsm/lapd_core.c
+++ b/src/gsm/lapd_core.c
@@ -379,9 +379,7 @@
 static inline int send_dl_simple(uint8_t prim, uint8_t op,
 	struct lapd_msg_ctx *lctx)
 {
-	struct msgb *msg = lapd_msgb_alloc(0, "DUMMY");
-
-	return send_dl_l3(prim, op, lctx, msg);
+	return send_dl_l3(prim, op, lctx, NULL);
 }
 
 /* send MDL-ERROR INDICATION */
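Review bot: In send_dl_simple, passing NULL as the msg argument of send_dl_l3 means every primitive sent through this helper now reaches the upper layer with no msgb at all, and nothing in this hunk shows that send_dl_l3 or the primitive consumers tolerate that. Please confirm that send_dl_l3 does not dereference msg unconditionally and that receivers reading dp->oph.msg check it for NULL first; the guard removed from lapdm.c in this same change (dp->oph.msg && dp->oph.msg->len == 0) shows at least one consumer already did. A short comment above the call stating that NULL means "no L3 information" would document the new contract for future callers.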
diff --git a/src/gsm/lapdm.c b/src/gsm/lapdm.c
index 7ca2b3e..80c0d17 100644
--- a/src/gsm/lapdm.c
+++ b/src/gsm/lapdm.c
@@ -414,11 +414,6 @@
 
 	switch (OSMO_PRIM_HDR(&dp->oph)) {
 	case OSMO_PRIM(PRIM_DL_EST, PRIM_OP_INDICATION):
-		if (dp->oph.msg && dp->oph.msg->len == 0) {
-			/* omit L3 info by freeing message */
-			msgb_free(dp->oph.msg);
-			dp->oph.msg = NULL;
-		}
 		rll_msg = RSL_MT_EST_IND;
 		break;
 	case OSMO_PRIM(PRIM_DL_EST, PRIM_OP_CONFIRM):
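Review bot: With the len == 0 check dropped from the PRIM_DL_EST indication case, nothing visible in this function normalises an empty msgb to NULL any more, so leaving out the L3 Information element now depends entirely on the producer passing NULL. If any other path can still hand over a non-NULL msgb with len == 0, the 3 extra bytes described in the commit message would reappear for that primitive. Consider keeping the check but moving it ahead of the switch so it applies to every primitive type, instead of removing it outright.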
diff --git a/tests/lapd/lapd_test.c b/tests/lapd/lapd_test.c
index fd92cac..e627ba6 100644
--- a/tests/lapd/lapd_test.c
+++ b/tests/lapd/lapd_test.c
@@ -350,19 +350,13 @@
 		struct abis_rsl_rll_hdr hdr;
 
 		printf("MS: Verifying incoming primitive.\n");
-		OSMO_ASSERT(msg->len == sizeof(struct abis_rsl_rll_hdr) + 3);
+		OSMO_ASSERT(msg->len == sizeof(struct abis_rsl_rll_hdr));
 
 		/* verify the header */
 		memset(&hdr, 0, sizeof(hdr));
 		rsl_init_rll_hdr(&hdr, RSL_MT_EST_CONF);
 		hdr.c.msg_discr |= ABIS_RSL_MDISC_TRANSP;
 		OSMO_ASSERT(memcmp(msg->data, &hdr, sizeof(hdr)) == 0);
-
-		/* Verify the added RSL_IE_L3_INFO but we have a bug here */
-		OSMO_ASSERT(msg->data[6] == RSL_IE_L3_INFO);
-		#pragma message ("RSL_IE_L3_INFO 16 bit length is wrong")
-		/* This should be okay but it is actually 0x0, 0x9c on ia-32 */
-		/* OSMO_ASSERT(msg->data[7] == 0x0 && msg->data[8] == 0x0); */
 	} else if (state->ms_read == 1) {
 		printf("MS: Verifying incoming MM message: %d\n", msgb_l3len(msg));
 		OSMO_ASSERT(msgb_l3len(msg) == 3);
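Review bot: The removed comment block recorded that the length bytes at msg->data[7] and msg->data[8] came out as 0x0, 0x9c on ia-32 instead of zero, and the commit message does not say whether that is explained by the dummy msgb or is a separate defect in how the RSL_IE_L3_INFO length is written. Please state which it is before the only trace of it is deleted, since a wrong 16 bit length would still matter for messages that legitimately carry L3 Information. The new assertion on msg->len is fine; a one-line comment next to it saying that no L3 Information IE is expected in this primitive would keep the intent clear.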
diff --git a/tests/lapd/lapd_test.ok b/tests/lapd/lapd_test.ok
index e188e27..835ca2b 100644
--- a/tests/lapd/lapd_test.ok
+++ b/tests/lapd/lapd_test.ok
@@ -7,7 +7,7 @@
 Confirming
 Took message from DCCH queue: L2 header size 3, L3 size 20, SAP 0x1000000, 0/0, Link 0x00
 Message: [L2]> 01 73 41 [L3]> 05 24 31 03 50 18 93 08 29 47 80 00 00 00 00 80 2b 2b 2b 2b 
-ms_to_bts_tx_cb: BTS->MS(us) message 9
+ms_to_bts_tx_cb: BTS->MS(us) message 6
 MS: Verifying incoming primitive.
 
 Sending back to MS
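Review bot: The change from "message 9" to "message 6" is the only expected-output line that moves, and it belongs to the primitive checked against RSL_MT_EST_CONF in lapd_test.c, while the commit message names "Release Indication" and other RSL messages as affected. Please add a length check or printed length for at least a Release Indication in the test, so the generic fix is covered for the message type that motivated it and not only for this one.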

-- 
To view, visit https://gerrit.osmocom.org/3258

Gerrit-MessageType: merged
Gerrit-Change-Id: Ibb116214e8b1798d65a8b0917150496a3c14f344
Gerrit-PatchSet: 3
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Owner: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Holger Freyther <holger at freyther.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Max <msuraev at sysmocom.de>
Gerrit-Reviewer: Minh-Quang Nguyen <minh-quang.nguyen at nutaq.com>
Gerrit-Reviewer: Pau Espin Pedrol <pespin at sysmocom.de>


