aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPau Espin Pedrol <pespin@sysmocom.de>2020-03-23 14:35:26 +0100
committerPau Espin Pedrol <pespin@sysmocom.de>2020-03-23 15:34:11 +0100
commitefad80bfbffb2a35d2516e56dc40979f19c6c370 (patch)
tree831ecb8135f941a4079bd474505d3caf361bc7b3
parent81b40cbaf3070f70954663f68375100128bdc77e (diff)
csn1: Validate recursive array max size during decoding
This way if CSN1 encoded bitstream contains more elements than what the defintion expects it will fail instead of overflowing the decoded buffer. RA cap struct placed in unit test is taken from a real android phone sending the value when attaching to the network. Then SGSN sends it back and osmo-pcu would crash similar to unit test: *** stack smashing detected ***: terminated Process terminating with default action of signal 6 (SIGABRT): dumping core at 0x4C62CE5: raise (in /usr/lib/libc-2.31.so) by 0x4C4C856: abort (in /usr/lib/libc-2.31.so) by 0x4CA62AF: __libc_message (in /usr/lib/libc-2.31.so) by 0x4D36069: __fortify_fail (in /usr/lib/libc-2.31.so) by 0x4D36033: __stack_chk_fail (in /usr/lib/libc-2.31.so) by 0x124706: testRAcap2(void*) (RLCMACTest.cpp:468) Related: OS#4463 Change-Id: I9fe0e55e0a6a41ae2cc885fba490c1d4a186231e
-rw-r--r--src/csn1.c18
-rw-r--r--src/csn1.h6
-rw-r--r--tests/rlcmac/RLCMACTest.cpp141
-rw-r--r--tests/rlcmac/RLCMACTest.err1
-rw-r--r--tests/rlcmac/RLCMACTest.ok2
5 files changed, 163 insertions, 5 deletions
diff --git a/src/csn1.c b/src/csn1.c
index 296bf6c..7172847 100644
--- a/src/csn1.c
+++ b/src/csn1.c
@@ -1278,9 +1278,10 @@ csnStreamDecoder(csnStream_t* ar, const CSN_DESCR* pDescr, struct bitvec *vector
case CSN_RECURSIVE_TARRAY:
{ /* Recursive way to specify an array of type: <lists> ::= { 1 <type> } ** 0 ;
* M_REC_TARRAY(_STRUCT, _MEMBER, _MEMBER_TYPE, _ElementCountField)
- * {t, offsetof(_STRUCT, _ElementCountField), (void*)CSNDESCR_##_MEMBER_TYPE, offsetof(_STRUCT, _MEMBER), #_MEMBER, (StreamSerializeFcn_t)sizeof(_MEMBER_TYPE)}
+ * {t, offsetof(_STRUCT, _ElementCountField), (void*)CSNDESCR_##_MEMBER_TYPE, offsetof(_STRUCT, _MEMBER), #_MEMBER, (StreamSerializeFcn_t)sizeof(_MEMBER_TYPE), (void_fn_t)ElementsOf(((_STRUCT*)0)->_MEMBER)}
*/
gint16 nSizeElement = (gint16)(gint32)pDescr->value;
+ guint32 nSizeArray = (guint32)((uintptr_t)pDescr->aux_fn);
guint8 ElementCount = 0;
pui8 = pui8DATA(data, pDescr->offset);
@@ -1292,6 +1293,12 @@ csnStreamDecoder(csnStream_t* ar, const CSN_DESCR* pDescr, struct bitvec *vector
remaining_bits_len--;
ElementCount++;
+ if (ElementCount > nSizeArray)
+ {
+ LOGPC(DCSN1, LOGL_ERROR, "error: %s: too many elements (>%u) in recursive array. Increase its size! } |", pDescr->sz, nSizeArray);
+ return ProcessError(readIndex,"csnStreamDecoder", CSN_ERROR_STREAM_NOT_SUPPORTED, pDescr);
+ }
+
{ /* unpack the following data structure */
csnStream_t arT = *ar;
gint16 Status;
@@ -1342,9 +1349,10 @@ csnStreamDecoder(csnStream_t* ar, const CSN_DESCR* pDescr, struct bitvec *vector
case CSN_RECURSIVE_TARRAY_1:
{ /* Recursive way to specify an array of type: <lists> ::= <type> { 1 <type> } ** 0 ;
* M_REC_TARRAY(_STRUCT, _MEMBER, _MEMBER_TYPE, _ElementCountField)
- * {t, offsetof(_STRUCT, _ElementCountField), (void*)CSNDESCR_##_MEMBER_TYPE, offsetof(_STRUCT, _MEMBER), #_MEMBER, (StreamSerializeFcn_t)sizeof(_MEMBER_TYPE)}
+ * {t, offsetof(_STRUCT, _ElementCountField), (void*)CSNDESCR_##_MEMBER_TYPE, offsetof(_STRUCT, _MEMBER), #_MEMBER, (StreamSerializeFcn_t)sizeof(_MEMBER_TYPE), (void_fn_t)ElementsOf(((_STRUCT*)0)->_MEMBER)}
*/
gint16 nSizeElement = (gint16)(gint32)pDescr->value;
+ guint32 nSizeArray = (guint32)((uintptr_t)pDescr->aux_fn);
guint8 ElementCount = 0;
csnStream_t arT = *ar;
gboolean EndOfList = FALSE;
@@ -1355,6 +1363,12 @@ csnStreamDecoder(csnStream_t* ar, const CSN_DESCR* pDescr, struct bitvec *vector
{ /* get data element */
ElementCount++;
+ if (ElementCount > nSizeArray)
+ {
+ LOGPC(DCSN1, LOGL_ERROR, "error: %s: too many elements (>%u) in recursive array. Increase its size! } |", pDescr->sz, nSizeArray);
+ return ProcessError(readIndex,"csnStreamDecoder", CSN_ERROR_STREAM_NOT_SUPPORTED, pDescr);
+ }
+
LOGPC(DCSN1, LOGL_DEBUG, "%s { | ", pDescr->sz);
csnStreamInit(&arT, bit_offset, remaining_bits_len);
diff --git a/src/csn1.h b/src/csn1.h
index b3fdc0a..0421b39 100644
--- a/src/csn1.h
+++ b/src/csn1.h
@@ -443,7 +443,7 @@ gint16 csnStreamEncoder(csnStream_t* ar, const CSN_DESCR* pDescr, struct bitvec
* Par4: will hold the number of element in the array after unpacking
*****************************************************************************/
#define M_REC_TARRAY(_STRUCT, _MEMBER, _MEMBER_TYPE, _ElementCountField)\
- {CSN_RECURSIVE_TARRAY, offsetof(_STRUCT, _ElementCountField), {(const void*)CSNDESCR_##_MEMBER_TYPE}, offsetof(_STRUCT, _MEMBER), FALSE, #_MEMBER, sizeof(_MEMBER_TYPE), NULL}
+ {CSN_RECURSIVE_TARRAY, offsetof(_STRUCT, _ElementCountField), {(const void*)CSNDESCR_##_MEMBER_TYPE}, offsetof(_STRUCT, _MEMBER), FALSE, #_MEMBER, sizeof(_MEMBER_TYPE), (void_fn_t)ElementsOf(((_STRUCT*)0)->_MEMBER)}
/******************************************************************************
* M_REC_TARRAY1(Par1, Par2, Par3, Par4)
@@ -451,7 +451,7 @@ gint16 csnStreamEncoder(csnStream_t* ar, const CSN_DESCR* pDescr, struct bitvec
* <list> ::= <type> {1 <type>} ** 0 ;
*****************************************************************************/
#define M_REC_TARRAY_1(_STRUCT, _MEMBER, _MEMBER_TYPE, _ElementCountField)\
- {CSN_RECURSIVE_TARRAY_1, offsetof(_STRUCT, _ElementCountField), {(const void*)CSNDESCR_##_MEMBER_TYPE}, offsetof(_STRUCT, _MEMBER), FALSE, #_MEMBER, sizeof(_MEMBER_TYPE), NULL}
+ {CSN_RECURSIVE_TARRAY_1, offsetof(_STRUCT, _ElementCountField), {(const void*)CSNDESCR_##_MEMBER_TYPE}, offsetof(_STRUCT, _MEMBER), FALSE, #_MEMBER, sizeof(_MEMBER_TYPE), (void_fn_t)ElementsOf(((_STRUCT*)0)->_MEMBER)}
/******************************************************************************
* M_REC_TARRAY2(Par1, Par2, Par3, Par4)
@@ -459,7 +459,7 @@ gint16 csnStreamEncoder(csnStream_t* ar, const CSN_DESCR* pDescr, struct bitvec
* <lists> ::= <type> { 0 <type> } ** 1 ;
*****************************************************************************/
#define M_REC_TARRAY_2(_STRUCT, _MEMBER, _MEMBER_TYPE, _ElementCountField)\
- {CSN_RECURSIVE_TARRAY_2, offsetof(_STRUCT, _ElementCountField), {(const void*)CSNDESCR_##_MEMBER_TYPE}, offsetof(_STRUCT, _MEMBER), FALSE, #_MEMBER, sizeof(_MEMBER_TYPE), NULL}
+ {CSN_RECURSIVE_TARRAY_2, offsetof(_STRUCT, _ElementCountField), {(const void*)CSNDESCR_##_MEMBER_TYPE}, offsetof(_STRUCT, _MEMBER), FALSE, #_MEMBER, sizeof(_MEMBER_TYPE), (void_fn_t)ElementsOf(((_STRUCT*)0)->_MEMBER)}
/******************************************************************************
* M_TYPE(Par1, Par2, Par3)
diff --git a/tests/rlcmac/RLCMACTest.cpp b/tests/rlcmac/RLCMACTest.cpp
index 6529d4d..058d57e 100644
--- a/tests/rlcmac/RLCMACTest.cpp
+++ b/tests/rlcmac/RLCMACTest.cpp
@@ -328,6 +328,146 @@ void testMalformedRAcap(void *test_ctx)
bitvec_free(bv_dec);
}
+/* Reproduce crash from ticket OS#4463 */
+void testRAcap2(void *test_ctx)
+{
+ printf("*** %s ***\n", __func__);
+ MS_Radio_Access_capability_t data;
+ memset(&data, 0, sizeof(data));
+ bitvec *bv_dec = bitvec_alloc(23, test_ctx);
+ int rc;
+/*
+MS Radio Access Capability
+ Element ID: 0x13
+ 1... .... = ext: 1
+ Length: 23
+ ------------------------------------------- Hex bitstream starts here:
+ MS RA capability 1
+ 0001 .... = Access Technology Type: GSM E --note that GSM E covers GSM P (1)
+ .... 1001 001. .... = Length in bits: 0x49 (73)
+ ...1 00.. RF Power Capability, GMSK Power Class: 2 W (33 dBm) (4)
+ A5 Bits: A5 bits follow (1)
+ A5/1: encryption algorithm available (1)
+ A5/2: encryption algorithm not available (0)
+ A5/3: encryption algorithm available (1)
+ A5/4: encryption algorithm not available (0)
+ A5/5: encryption algorithm not available (0)
+ A5/6: encryption algorithm not available (0)
+ A5/7: encryption algorithm not available (0)
+ .... ..1. = Controlled early Classmark Sending: Implemented
+ .... ...1 = Pseudo Synchronisation: Present
+ 0... .... = Voice Group Call Service: no VGCS capability or no notifications wanted
+ .0.. .... = Voice Broadcast Service: no VBS capability or no notifications wanted
+ ..1. .... = Multislot capability struct: Present
+ HSCSD multislot class: Bits are not available (0)
+ .... 0111 = SMS_VALUE (Switch-Measure-Switch): 8/4 timeslot (~1154 microseconds) (7)
+ 0001 .... = (SM_VALUE) Switch-Measure: 2/4 timeslot (~288 microseconds) (1)
+ ECSD multislot class: Bits are not available (0)
+ .... ...0 = Single Slot DTM: Not supported
+ 1... .... = DTM EGPRS Multi Slot Class: Present
+ .... .011 00.. .... = GPRS multislot class: Max Rx-Slot/TDMA:4 Max Tx-Slot/TDMA:4 Max-Sum-Slot/TDMA:5 Tta:2 Ttb:1 Tra:2 Trb:1 Type:1 (12)
+ ..1. .... = GPRS Extended Dynamic Allocation Capability: Implemented
+ .... ..01 100. .... = EGPRS multislot class: Max Rx-Slot/TDMA:4 Max Tx-Slot/TDMA:4 Max-Sum-Slot/TDMA:5 Tta:2 Ttb:1 Tra:2 Trb:1 Type:1 (12)
+ ...1 .... = EGPRS Extended Dynamic Allocation Capability: Implemented
+ .... .11. = DTM GPRS Multi Slot Class: Multislot class 11 supported (3)
+ .11. .... = DTM EGPRS Multi Slot Class: Multislot class 11 supported (3)
+ ...1 .... = 8PSK Power Capability Bits: Present
+ 8PSK Power Capability: Power class E2 (2)
+ .... ..0. = COMPACT Interference Measurement Capability: Not Implemented
+ .... ...1 = Revision Level Indicator: The ME is Release '99 onwards
+ 0... .... = UMTS FDD Radio Access Technology Capability: Not supported
+ .0.. .... = UMTS 3.84 Mcps TDD Radio Access Technology Capability: Not supported
+ ..0. .... = CDMA 2000 Radio Access Technology Capability: Not supported
+ ...0 .... = UMTS 1.28 Mcps TDD Radio Access Technology Capability: Not supported
+ .... 1... = GERAN Feature Package 1: Supported
+ Extended DTM EGPRS Multi Slot Class: Bits are not available (0)
+ .... ..0. = Modulation based multislot class support: Not supported
+ High Multislot Capability: Bits are not available (0)
+ 0... .... = GERAN Iu mode: Not supported
+ GMSK Multislot Power Profile: GMSK_MULTISLOT_POWER_PROFILE 3 (3)
+ 8-PSK Multislot Power Profile: 8-PSK_MULTISLOT_POWER_PROFILE 3 (3)
+ .... .0.. = Multiple TBF Capability: Not supported
+ .... ..01 = Downlink Advanced Receiver Performance: Downlink Advanced Receiver Performance - phase I supported (1)
+ 1... .... = Extended RLC/MAC Control Message Segmentation Capability: Supported
+ .1.. .... = DTM Enhancements Capability: The mobile station supports enhanced DTM CS establishment and enhanced DTM CS release procedures
+ ...0 .... = PS Handover Capability: Not supported
+ MS RA capability 2
+ .... .011 1... .... = Access Technology Type: GSM 850 (7)
+ .010 0010 = Length in bits: 0x22 (34)
+ 100. .... RF Power Capability, GMSK Power Class: 2 W (33 dBm) (4)
+ A5 Bits: Same values apply for parameters as in the immediately preceding Access capabilities field within this IE (0)
+ .... 1... = Controlled early Classmark Sending: Implemented
+ .... .1.. = Pseudo Synchronisation: Present
+ .... ..0. = Voice Group Call Service: no VGCS capability or no notifications wanted
+ .... ...0 = Voice Broadcast Service: no VBS capability or no notifications wanted
+ 0... .... = Multislot capability struct: Not Present
+ .1.. .... = 8PSK Power Capability Bits: Present
+ 8PSK Power Capability: Power class E2 (2)
+ .... 0... = COMPACT Interference Measurement Capability: Not Implemented
+ .... .1.. = Revision Level Indicator: The ME is Release '99 onwards
+ .... ..0. = UMTS FDD Radio Access Technology Capability: Not supported
+ .... ...0 = UMTS 3.84 Mcps TDD Radio Access Technology Capability: Not supported
+ 0... .... = CDMA 2000 Radio Access Technology Capability: Not supported
+ .0.. .... = UMTS 1.28 Mcps TDD Radio Access Technology Capability: Not supported
+ ..1. .... = GERAN Feature Package 1: Supported
+ Extended DTM EGPRS Multi Slot Class: Bits are not available (0)
+ .... 0... = Modulation based multislot class support: Not supported
+ High Multislot Capability: Bits are not available (0)
+ .... ..0. = GERAN Iu mode: Not supported
+ GMSK Multislot Power Profile: GMSK_MULTISLOT_POWER_PROFILE 3 (3)
+ 8-PSK Multislot Power Profile: 8-PSK_MULTISLOT_POWER_PROFILE 3 (3)
+ ...0 .... = Multiple TBF Capability: Not supported
+ .... 01.. = Downlink Advanced Receiver Performance: Downlink Advanced Receiver Performance - phase I supported (1)
+ .... ..1. = Extended RLC/MAC Control Message Segmentation Capability: Supported
+ .... ...1 = DTM Enhancements Capability: The mobile station supports enhanced DTM CS establishment and enhanced DTM CS release procedures
+ .0.. .... = PS Handover Capability: Not supported
+ MS RA capability 3
+ ...0 011. = Access Technology Type: GSM 1800 (3)
+ .... ...0 1000 10.. = Length in bits: 0x22 (34)
+ .... ..00 1... .... RF Power Capability, GMSK Power Class: 1 W (30 dBm) (1)
+ A5 Bits: Same values apply for parameters as in the immediately preceding Access capabilities field within this IE (0)
+ ..1. .... = Controlled early Classmark Sending: Implemented
+ ...1 .... = Pseudo Synchronisation: Present
+ .... 0... = Voice Group Call Service: no VGCS capability or no notifications wanted
+ .... .0.. = Voice Broadcast Service: no VBS capability or no notifications wanted
+ .... ..0. = Multislot capability struct: Not Present
+ .... ...1 = 8PSK Power Capability Bits: Present
+ 8PSK Power Capability: Power class E2 (2)
+ ..0. .... = COMPACT Interference Measurement Capability: Not Implemented
+ ...1 .... = Revision Level Indicator: The ME is Release '99 onwards
+ .... 0... = UMTS FDD Radio Access Technology Capability: Not supported
+ .... .0.. = UMTS 3.84 Mcps TDD Radio Access Technology Capability: Not supported
+ .... ..0. = CDMA 2000 Radio Access Technology Capability: Not supported
+ .... ...0 = UMTS 1.28 Mcps TDD Radio Access Technology Capability: Not supported
+ 1... .... = GERAN Feature Package 1: Supported
+ Extended DTM EGPRS Multi Slot Class: Bits are not available (0)
+ ..0. .... = Modulation based multislot class support: Not supported
+ High Multislot Capability: Bits are not available (0)
+ .... 0... = GERAN Iu mode: Not supported
+ GMSK Multislot Power Profile: GMSK_MULTISLOT_POWER_PROFILE 3 (3)
+ 8-PSK Multislot Power Profile: 8-PSK_MULTISLOT_POWER_PROFILE 3 (3)
+ .0.. .... = Multiple TBF Capability: Not supported
+ ..01 .... = Downlink Advanced Receiver Performance: Downlink Advanced Receiver Performance - phase I supported (1)
+ .... 1... = Extended RLC/MAC Control Message Segmentation Capability: Supported
+ .... .1.. = DTM Enhancements Capability: The mobile station supports enhanced DTM CS establishment and enhanced DTM CS release procedures
+ .... ...0 = PS Handover Capability: Not supported
+*/
+ bitvec_unhex(bv_dec, "1933432b37159ef90879cba28c6421e72688b190879c00");
+
+ printf("=== Test decoding of multi-band MS RA Capability ===\n");
+ rc = decode_gsm_ra_cap(bv_dec, &data);
+ OSMO_ASSERT(rc == CSN_ERROR_STREAM_NOT_SUPPORTED);
+#if 0
+ /* Make sure there's 1 value (currently fails due to failed decoding) */
+ OSMO_ASSERT(data.Count_MS_RA_capability_value == 3);
+
+ /* Make sure GPRS / EGPRS multislot class is parsed correctly */
+ printf("GPRS multislot class = %u\n", Decoding::get_ms_class_by_capability(&data));
+ printf("EGPRS multislot class = %u\n", Decoding::get_egprs_ms_class_by_capability(&data));
+#endif
+ bitvec_free(bv_dec);
+}
+
int main(int argc, char *argv[])
{
void *ctx = talloc_named_const(NULL, 1, "RLCMACTest");
@@ -346,5 +486,6 @@ int main(int argc, char *argv[])
testCsnLeftAlignedVarBmpBounds(ctx);
testRAcap(ctx);
testMalformedRAcap(ctx);
+ testRAcap2(ctx);
talloc_free(ctx);
}
diff --git a/tests/rlcmac/RLCMACTest.err b/tests/rlcmac/RLCMACTest.err
index 4434d9b..b225bfd 100644
--- a/tests/rlcmac/RLCMACTest.err
+++ b/tests/rlcmac/RLCMACTest.err
@@ -39,3 +39,4 @@ DRLCMACDATA ERROR Failed to encode MS RA Capability IE: not enough bits in the o
DCSN1 INFO csnStreamDecoder (RAcap): MS_RA_capability_value { | Choice MS_RA_capability_value_Choice = 1 | u.Content length = 21 | offset = 4 | RF_Power_Capability = 1 | Exist_A5_bits = 0 | ES_IND = 1 | PS = 0 | VGCS = 0 | VBS = 0 | Exist_Multislot_capability = 1 | : Multislot_capability | Exist_HSCSD_multislot_class = 0 | Exist_GPRS_multislot_class = 1 | GPRS_multislot_class = 3 | GPRS_Extended_Dynamic_Allocation_Capability = 0 | Exist_SM = 0 | Exist_ECSD_multislot_class = 0 | Exist_EGPRS_multislot_class = 1 | DCSN1 ERROR csnStreamDecoder: error NEED_MORE BITS TO UNPACK (-5) at EGPRS_multislot_class (idx 31): End Multislot_capability |
DCSN1 INFO csnStreamDecoder (RAcap): MS_RA_capability_value { | Choice MS_RA_capability_value_Choice = 1 | u.Content length = 29 | offset = 4 | RF_Power_Capability = 1 | Exist_A5_bits = 0 | ES_IND = 1 | PS = 0 | VGCS = 0 | VBS = 0 | Exist_Multislot_capability = 1 | : Multislot_capability | Exist_HSCSD_multislot_class = 0 | Exist_GPRS_multislot_class = 1 | GPRS_multislot_class = 3 | GPRS_Extended_Dynamic_Allocation_Capability = 0 | Exist_SM = 0 | Exist_ECSD_multislot_class = 0 | Exist_EGPRS_multislot_class = 1 | EGPRS_multislot_class = 0 | EGPRS_Extended_Dynamic_Allocation_Capability = 0 | Exist_DTM_GPRS_multislot_class = 0 | : End Multislot_capability | Exist_Eight_PSK_Power_Capability = 0 | COMPACT_Interference_Measurement_Capability = 0 | Revision_Level_Indicator = NULL | UMTS_FDD_Radio_Access_Technology_Capability = NULL | UMTS_384_TDD_Radio_Access_Technology_Capability = NULL | CDMA2000_Radio_Access_Technology_Capability = NULL | UMTS_128_TDD_Radio_Access_Technology_Capability = NULL | GERAN_Feature_Package_1 = NULL | Modulation_based_multislot_class_support = NULL | GMSK_MultislotPowerProfile = NULL | EightPSK_MultislotProfile = NULL | MultipleTBF_Capability = NULL | DownlinkAdvancedReceiverPerformance = NULL | ExtendedRLC_MAC_ControlMessageSegmentionsCapability = NULL | DTM_EnhancementsCapability = NULL | PS_HandoverCapability = NULL | DTM_Handover_Capability = NULL | FlexibleTimeslotAssignment = NULL | GAN_PS_HandoverCapability = NULL | RLC_Non_persistentMode = NULL | ReducedLatencyCapability = NULL | UplinkEGPRS2 = NULL | DownlinkEGPRS2 = NULL | EUTRA_FDD_Support = NULL | EUTRA_TDD_Support = NULL | GERAN_To_EUTRAN_supportInGERAN_PTM = NULL | PriorityBasedReselectionSupport = NULL | MS_RA_capability_value } |
DRLCMACDATA NOTICE Got 143 remaining bits unhandled by decoder at the end of bitvec
+DCSN1 INFO csnStreamDecoder (RAcap): MS_RA_capability_value { | Choice MS_RA_capability_value_Choice = 1 | u.Content length = 73 | offset = 4 | RF_Power_Capability = 4 | Exist_A5_bits = 1 | A5_bits = 80 | ES_IND = 1 | PS = 1 | VGCS = 0 | VBS = 0 | Exist_Multislot_capability = 1 | : Multislot_capability | Exist_HSCSD_multislot_class = 0 | Exist_GPRS_multislot_class = 1 | GPRS_multislot_class = 12 | GPRS_Extended_Dynamic_Allocation_Capability = 1 | Exist_SM = 1 | SMS_VALUE = 7 | SM_VALUE = 1 | Exist_ECSD_multislot_class = 0 | Exist_EGPRS_multislot_class = 1 | EGPRS_multislot_class = 12 | EGPRS_Extended_Dynamic_Allocation_Capability = 1 | Exist_DTM_GPRS_multislot_class = 1 | DTM_GPRS_multislot_class = 3 | Single_Slot_DTM = 0 | : DTM_EGPRS_Params | Exist_DTM_EGPRS_multislot_class = 1 | DTM_EGPRS_multislot_class = 3 | : End DTM_EGPRS_Params | : End Multislot_capability | Exist_Eight_PSK_Power_Capability = 1 | Eight_PSK_Power_Capability = 2 | COMPACT_Interference_Measurement_Capability = 0 | Revision_Level_Indicator = 1 | UMTS_FDD_Radio_Access_Technology_Capability = 0 | UMTS_384_TDD_Radio_Access_Technology_Capability = 0 | CDMA2000_Radio_Access_Technology_Capability = 0 | UMTS_128_TDD_Radio_Access_Technology_Capability = 0 | GERAN_Feature_Package_1 = 1 | Exist_Extended_DTM_multislot_class = 0 | Modulation_based_multislot_class_support = 0 | Exist_HighMultislotCapability = 0 | Exist_GERAN_lu_ModeCapability = 0 | GMSK_MultislotPowerProfile = 3 | EightPSK_MultislotProfile = 3 | MultipleTBF_Capability = 0 | DownlinkAdvancedReceiverPerformance = 1 | ExtendedRLC_MAC_ControlMessageSegmentionsCapability = 1 | DTM_EnhancementsCapability = 1 | Exist_DTM_GPRS_HighMultislotClass = 0 | PS_HandoverCapability = 0 | DTM_Handover_Capability = NULL | FlexibleTimeslotAssignment = NULL | GAN_PS_HandoverCapability = NULL | RLC_Non_persistentMode = NULL | ReducedLatencyCapability = NULL | UplinkEGPRS2 = NULL | DownlinkEGPRS2 = NULL | EUTRA_FDD_Support = NULL | EUTRA_TDD_Support = NULL | GERAN_To_EUTRAN_supportInGERAN_PTM = NULL | PriorityBasedReselectionSupport = NULL | MS_RA_capability_value } | MS_RA_capability_value { | Choice MS_RA_capability_value_Choice = 7 | u.Content length = 34 | offset = 4 | RF_Power_Capability = 4 | Exist_A5_bits = 0 | ES_IND = 1 | PS = 1 | VGCS = 0 | VBS = 0 | Exist_Multislot_capability = 0 | Exist_Eight_PSK_Power_Capability = 1 | Eight_PSK_Power_Capability = 2 | COMPACT_Interference_Measurement_Capability = 0 | Revision_Level_Indicator = 1 | UMTS_FDD_Radio_Access_Technology_Capability = 0 | UMTS_384_TDD_Radio_Access_Technology_Capability = 0 | CDMA2000_Radio_Access_Technology_Capability = 0 | UMTS_128_TDD_Radio_Access_Technology_Capability = 0 | GERAN_Feature_Package_1 = 1 | Exist_Extended_DTM_multislot_class = 0 | Modulation_based_multislot_class_support = 0 | Exist_HighMultislotCapability = 0 | Exist_GERAN_lu_ModeCapability = 0 | GMSK_MultislotPowerProfile = 3 | EightPSK_MultislotProfile = 3 | MultipleTBF_Capability = 0 | DownlinkAdvancedReceiverPerformance = 1 | ExtendedRLC_MAC_ControlMessageSegmentionsCapability = 1 | DTM_EnhancementsCapability = 1 | Exist_DTM_GPRS_HighMultislotClass = 0 | PS_HandoverCapability = 0 | DTM_Handover_Capability = NULL | FlexibleTimeslotAssignment = NULL | GAN_PS_HandoverCapability = NULL | RLC_Non_persistentMode = NULL | ReducedLatencyCapability = NULL | UplinkEGPRS2 = NULL | DownlinkEGPRS2 = NULL | EUTRA_FDD_Support = NULL | EUTRA_TDD_Support = NULL | GERAN_To_EUTRAN_supportInGERAN_PTM = NULL | PriorityBasedReselectionSupport = NULL | MS_RA_capability_value } | error: MS_RA_capability_value: too many elements (>2) in recursive array. Increase its size! } |DCSN1 ERROR csnStreamDecoder: error STREAM_NOT_SUPPORTED (-8) at MS_RA_capability_value (idx 131)
diff --git a/tests/rlcmac/RLCMACTest.ok b/tests/rlcmac/RLCMACTest.ok
index ffcaeb3..313511f 100644
--- a/tests/rlcmac/RLCMACTest.ok
+++ b/tests/rlcmac/RLCMACTest.ok
@@ -144,3 +144,5 @@ decode_gsm_ra_cap() returns -5
*** testMalformedRAcap ***
=== Test decoding of MS RA Capability ===
decode_gsm_ra_cap() returns 0
+*** testRAcap2 ***
+=== Test decoding of multi-band MS RA Capability ===