OpenBSC bug that triggers Qualcomm baseband bug (patch)

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Tobias Engel t-openbsc at tobias.org
Wed Feb 22 13:01:55 UTC 2012


Hi,

currently, when OpenBSC receives any mobile originated Supplementary
Service request, it always treats it as a USSD request (because the
only SS it supports is a USSD request for sending back the extension of
the subscriber).

What I think the code in handle_rcv_ussd is meant to be doing is:

If the request contained a USSD string, and if that string is equal to
"*#100#", return the subscriber extension. In all other cases reject the
request with "unrecognized component".

But currently it returns the extension even when the SS request wasn't
even a USSD request.

That causes several phones with Qualcomm baseband to hang and reboot
after a while because in some situations they send an interrogateSS
request to query if any call forwardings are active and cannot handle
the wrong answer they receive.

(Strangely, that happens with most "modern" HTC phones I have tried
right after logging into the network, rendering them completely useless
for use with OpenBSC)

Here is a patch:

--- a/openbsc/src/libmsc/ussd.c
+++ b/openbsc/src/libmsc/ussd.c
@@ -54,7 +54,7 @@ int handle_rcv_ussd(struct gsm_subscriber_connection
*conn, struct msgb *msg)
        if (req.text[0] == 0xFF)  /* Release-Complete */
                return 0;

-       if (strstr(USSD_TEXT_OWN_NUMBER, req.text) != NULL) {
+       if (strcmp(USSD_TEXT_OWN_NUMBER, (const char *) req.text) == 0) {
                DEBUGP(DMM, "USSD: Own number requested\n");
                rc = send_own_number(conn, msg, &req);
        } else {
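Review bot: the strcmp() on the added line reads req.text up to the first NUL byte, as did the strstr() it replaces, and the (const char *) cast suggests the field is an unsigned byte buffer; nothing in this hunk shows that the decoder always terminates it. Consider a comparison bounded by sizeof(req.text), or confirm the termination where req is filled in. Separately, the hunk header is wrapped onto a second line ("*conn, struct msgb *msg)"), so the patch needs unwrapping before it will apply.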



-Tobias
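The difference between the two comparisons in the patch, as an added example that is not part of the original e-mail or of OpenBSC: it runs the pre-patch strstr() check and the post-patch strcmp() check over constructed request texts. The helper names and sample strings are hypothetical, and it is an assumption that a Supplementary Service request without a USSD string reaches the check with an empty text.

```c
#include <stdio.h>
#include <string.h>

/* Value quoted in the e-mail; the real definition lives in OpenBSC. */
#define USSD_TEXT_OWN_NUMBER "*#100#"

/* Pre-patch check. strstr() takes (haystack, needle), so this asks
 * "does the constant contain the request text?". An empty needle
 * always matches, and so does any fragment of "*#100#". */
static int matches_before_patch(const unsigned char *text)
{
	return strstr(USSD_TEXT_OWN_NUMBER, (const char *)text) != NULL;
}

/* Post-patch check: only the exact string "*#100#" matches. */
static int matches_after_patch(const unsigned char *text)
{
	return strcmp(USSD_TEXT_OWN_NUMBER, (const char *)text) == 0;
}

/* Constructed sample texts (hypothetical, not captured traffic).
 * "" models the assumed case of an SS request with no USSD string. */
static const char *samples[] = {
	"", "#", "100", "*#100#", "*#100#1", "*#21#"
};

int main(void)
{
	size_t i;

	printf("%-10s %-7s %s\n", "text", "before", "after");
	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		const unsigned char *t = (const unsigned char *)samples[i];

		printf("%-10s %-7s %s\n",
		       samples[i][0] ? samples[i] : "(empty)",
		       matches_before_patch(t) ? "own-nr" : "reject",
		       matches_after_patch(t) ? "own-nr" : "reject");
	}
	return 0;
}
```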



