[PATCH 2/4] gprs: Fix GSUP cancel_type handling (Coverity)

Jacob Erlbeck jerlbeck at sysmocom.de
Tue Apr 7 15:49:48 UTC 2015


When handling an incoming GSUP cancellation request, the cancel_type
is effectively ignored, such that it is always handled as
GPRS_GSUP_CANCEL_TYPE_UPDATE and never as WITHDRAW.

This commit fixes the expression used to set the variable
is_update_procedure.

Fixes: Coverity CID 1267739
Sponsored-by: On-Waves ehf
---
 openbsc/src/gprs/gprs_subscriber.c |  3 ++-
 openbsc/tests/sgsn/sgsn_test.c     | 12 ++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/openbsc/src/gprs/gprs_subscriber.c b/openbsc/src/gprs/gprs_subscriber.c
index 8486834..e3da0f8 100644
--- a/openbsc/src/gprs/gprs_subscriber.c
+++ b/openbsc/src/gprs/gprs_subscriber.c
@@ -492,7 +492,8 @@ static int gprs_subscr_handle_loc_cancel_req(struct gsm_subscriber *subscr,
 					     struct gprs_gsup_message *gsup_msg)
 {
 	struct gprs_gsup_message gsup_reply = {0};
-	int is_update_procedure = !gsup_msg->cancel_type || gsup_msg->cancel_type;
+	int is_update_procedure = !gsup_msg->cancel_type ||
+		gsup_msg->cancel_type == GPRS_GSUP_CANCEL_TYPE_UPDATE;
 
 	LOGGSUBSCRP(LOGL_INFO, subscr, "Cancelling MS subscriber (%s)\n",
 		    is_update_procedure ?
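Review bot: The new initializer of is_update_procedure still relies on an undocumented convention: `!gsup_msg->cancel_type` treats a zero cancel_type as "update", which only works if 0 means "IE not present" and GPRS_GSUP_CANCEL_TYPE_UPDATE itself is non-zero. Neither is visible in this hunk, so a one-line comment above the assignment stating that 0 is the "absent" default would keep the next reader from repeating the original mistake. Note also that any value other than 0 or UPDATE, including one the decoder does not know, now selects the withdraw path; if that is not intended, compare explicitly against GPRS_GSUP_CANCEL_TYPE_WITHDRAW and log unknown values.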
diff --git a/openbsc/tests/sgsn/sgsn_test.c b/openbsc/tests/sgsn/sgsn_test.c
index 6fc4f99..197be9d 100644
--- a/openbsc/tests/sgsn/sgsn_test.c
+++ b/openbsc/tests/sgsn/sgsn_test.c
@@ -440,6 +440,12 @@ static void test_subscriber_gsup(void)
 		0x06, 0x01, 0x00,
 	};
 
+	static const uint8_t location_cancellation_req_withdraw[] = {
+		0x1c,
+		TEST_GSUP_IMSI1_IE,
+		0x06, 0x01, 0x01,
+	};
+
 	static const uint8_t location_cancellation_req_other[] = {
 		0x1c,
 		0x01, 0x05, 0x11, 0x11, 0x11, 0x11, 0x01,
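Review bot: The bytes `0x06, 0x01, 0x01` in location_cancellation_req_withdraw are unexplained magic numbers, and the only difference from the `0x06, 0x01, 0x00` line in the array above is the final byte. A short trailing comment naming the IE and the value (for example that the last byte selects withdraw) would make the intent of the test vector obvious and make it easier to check against the cancel_type comparison in gprs_subscriber.c.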
@@ -582,6 +588,12 @@ static void test_subscriber_gsup(void)
 	OSMO_ASSERT(s1->flags & GPRS_SUBSCRIBER_CANCELLED);
 	OSMO_ASSERT(s1->sgsn_data->mm == NULL);
 
+	/* Inject LocCancelReq(withdraw) GSUP message */
+	rc = rx_gsup_message(location_cancellation_req_withdraw,
+			     sizeof(location_cancellation_req_withdraw));
+	OSMO_ASSERT(rc >= 0);
+	OSMO_ASSERT(s1->sgsn_data->error_cause == GMM_CAUSE_IMPL_DETACHED);
+
 	/* Inject PurgeMsRes GSUP message */
 	rc = rx_gsup_message(purge_ms_res,
 			     sizeof(purge_ms_res));
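Review bot: The withdraw injection runs on s1 right after the asserts that it is already flagged GPRS_SUBSCRIBER_CANCELLED with `s1->sgsn_data->mm == NULL`, and the only new check is `error_cause == GMM_CAUSE_IMPL_DETACHED`. Nothing here shows that error_cause had a different value before this message arrived, so the test does not demonstrably fail with the old expression. Asserting the value of error_cause after the preceding cancellation, before injecting location_cancellation_req_withdraw, would make the regression coverage explicit. It would also be worth exercising withdraw on a subscriber that has not been cancelled yet, since that is the case the handler normally sees.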
-- 
1.9.1