author | Holger Hans Peter Freyther <zecke@selfish.org> | 2013-01-13 16:23:36 +0100 |
---|---|---|
committer | Holger Hans Peter Freyther <zecke@selfish.org> | 2013-01-13 17:30:00 +0100 |
commit | ba36bf4c5d78bb1469d259dfae958496d96ae48c (patch) | |
tree | a1c8a2fbe8f02f69c0d1724c1806ff07e58cbbf4 /openbsc/src | |
parent | 30a3d2f0fe75385384c604a94eedb1e83f515464 (diff) |
sms: Avoid infinite CP-ERROR/CP-ACK loop with sms.
The issue can be reproduced by typing the following 9 or more times.
OpenBSC> subscriber id 2 sms sender id 2 send bla
For some unknown reason the phone sends us a CP-ERROR for a transaction
identifier we have allocated and used but don't remember. Due to the way
we use the SMC/SMR we 'establish' the machine and this results in a CP-ACK
being sent out. But the CP-ERROR is not having the content we want for
an establish so we send out a RP-ERROR. This will result in a CP-ERROR
because the phone does not know the transaction...
Avoid the issue by checking the direction of the transaction. If we do
not know the transaction and it is supposed to be allocated by us then
just ignore it and do not create a new transaction.
Diffstat (limited to 'openbsc/src')
-rw-r--r-- | openbsc/src/libmsc/gsm_04_11.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/openbsc/src/libmsc/gsm_04_11.c b/openbsc/src/libmsc/gsm_04_11.c index f22a7e15b..9e00bdac7 100644 --- a/openbsc/src/libmsc/gsm_04_11.c +++ b/openbsc/src/libmsc/gsm_04_11.c @@ -762,6 +762,18 @@ int gsm0411_rcv_sms(struct gsm_subscriber_connection *conn, DEBUGP(DLSMS, "receiving data (trans_id=%x)\n", transaction_id); trans = trans_find_by_id(conn->subscr, GSM48_PDISC_SMS, transaction_id); + + /* + * A transaction we created but don't know about? + */ + if (!trans && (transaction_id & 0x8) == 0) { + LOGP(DLSMS, LOGL_ERROR, "trans_id=%x allocated by us but known " + "to us anymore. We are ignoring it, maybe a CP-ERROR " + "from a MS?\n", + transaction_id); + return -EINVAL; + } + if (!trans) { DEBUGP(DLSMS, " -> (new transaction)\n"); trans = trans_alloc(conn->subscr, GSM48_PDISC_SMS, |
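Review bot: The LOGP string in the added `if (!trans && (transaction_id & 0x8) == 0)` branch reads "allocated by us but known to us anymore", which drops the "not" and says the opposite of what is meant; it should read "allocated by us but not known to us anymore". The bare `0x8` would also be easier to check with a comment or named constant identifying it as the direction bit the commit message refers to. Nothing in the condition restricts the early `return -EINVAL` to CP-ERROR, although the log text mentions it, so the comment should state that any message for an unknown transaction with that bit clear is dropped here.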