authorHolger Hans Peter Freyther <>2013-01-13 16:23:36 +0100
committerHolger Hans Peter Freyther <>2013-01-13 17:30:00 +0100
commitba36bf4c5d78bb1469d259dfae958496d96ae48c (patch)
treea1c8a2fbe8f02f69c0d1724c1806ff07e58cbbf4 /openbsc/src/libmsc/gsm_04_11.c
parent30a3d2f0fe75385384c604a94eedb1e83f515464 (diff)
sms: Avoid infinite CP-ERROR/CP-ACK loop with sms.
The issue can be reproduced by typing the following 9 or more times. OpenBSC> subscriber id 2 sms sender id 2 send bla For some unknown reason the phone sends us a CP-ERROR for a transaction identifier we have allocated and used but don't remember. Due to the way we use the SMC/SMR we 'establish' the machine and this results in a CP-ACK being sent out. But the CP-ERROR does not have the content we want for an establish so we send out a RP-ERROR. This will result in a CP-ERROR because the phone does not know the transaction... Avoid the issue by checking the direction of the transaction. If we do not know the transaction and it is supposed to be allocated by us then just ignore it and do not create a new transaction.
Diffstat (limited to 'openbsc/src/libmsc/gsm_04_11.c')
1 files changed, 12 insertions, 0 deletions
diff --git a/openbsc/src/libmsc/gsm_04_11.c b/openbsc/src/libmsc/gsm_04_11.c
index f22a7e1..9e00bda 100644
--- a/openbsc/src/libmsc/gsm_04_11.c
+++ b/openbsc/src/libmsc/gsm_04_11.c
@@ -762,6 +762,18 @@ int gsm0411_rcv_sms(struct gsm_subscriber_connection *conn,
DEBUGP(DLSMS, "receiving data (trans_id=%x)\n", transaction_id);
trans = trans_find_by_id(conn->subscr, GSM48_PDISC_SMS,
+ /*
+ * A transaction we created but don't know about?
+ */
+ if (!trans && (transaction_id & 0x8) == 0) {
+ LOGP(DLSMS, LOGL_ERROR, "trans_id=%x allocated by us but known "
+ "to us anymore. We are ignoring it, maybe a CP-ERROR "
+ "from a MS?\n",
+ transaction_id);
+ return -EINVAL;
+ }
if (!trans) {
DEBUGP(DLSMS, " -> (new transaction)\n");
trans = trans_alloc(conn->subscr, GSM48_PDISC_SMS,
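Review bot: The added guard logs at `LOGL_ERROR` for a condition that, per the commit message, a phone triggers by sending a CP-ERROR. Any MS that keeps sending unknown network-side transaction identifiers can therefore fill the error log, so a lower level such as `LOGL_NOTICE` suits this peer-caused event better. The message text also drops a word ("allocated by us but known to us anymore") and should begin `"trans_id=%x allocated by us but not known "`. The direction test rests on the bare `0x8`, and a comment such as `/* bit 3 clear: TI was allocated by the network side */` would make it reviewable. That assumes transaction_id still carries the TI flag in bit 3 at this point, which the hunk does not show. gsm0411_rcv_sms starts and ends outside the hunk, so what the caller does with the `-EINVAL` return cannot be checked from here.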