authorPau Espin Pedrol <pespin@sysmocom.de>2023-01-02 16:55:05 +0100
committerPau Espin Pedrol <pespin@sysmocom.de>2023-01-02 16:58:36 +0100
commit6cc5f08eb8fc3d2cc7e87fba89821903fde0f1d7 (patch)
tree2de83ba92f33c83067bd2773a9bcbcb4d6c079f5 /src/osmo-bsc/gsm_08_08.c
parent6c2798c5ce0e8fe5b3d2b945a10d8e1c2fb97e88 (diff)
bsc: Fix crash if PagingResponse with invalid MobileIdentity is received
It was found on a BSC in the field that an MS sending an incorrect MobileIdentity IE (wrong length) in a PagingResponse crashed the BSC. At present, when the MobileIdentity cannot be parsed we carry on instead of rejecting the conn. This should change in the future, but it needs further improvements in our TTCN3 tests. For now let's simply validate that the subscriber is not NULL, since recent paging optimizations made paging_request_stop() require the subscriber to be non-null. Fixes: 27cb5d3e24d0e39d09bddcbea5c059dfe5bbcf3d Related: SYS#6280 Change-Id: If8b439ff74c5dd690d637d3e3278c75d6cd6b928
Diffstat (limited to 'src/osmo-bsc/gsm_08_08.c')
-rw-r--r--src/osmo-bsc/gsm_08_08.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/osmo-bsc/gsm_08_08.c b/src/osmo-bsc/gsm_08_08.c
index 37e00f394..3e0683c23 100644
--- a/src/osmo-bsc/gsm_08_08.c
+++ b/src/osmo-bsc/gsm_08_08.c
@@ -440,7 +440,8 @@ int bsc_compl_l3(struct gsm_lchan *lchan, struct msgb *msg, uint16_t chosen_chan
paged_from_msc = NULL;
paging_reasons = BSC_PAGING_NONE;
if (pdisc == GSM48_PDISC_RR && mtype == GSM48_MT_RR_PAG_RESP) {
- paging_request_stop(&paged_from_msc, &paging_reasons, bts, conn->bsub);
+ if (conn->bsub)
+ paging_request_stop(&paged_from_msc, &paging_reasons, bts, conn->bsub);
if (!paged_from_msc) {
/* This looks like an unsolicited Paging Response. It is required to pick any MSC, because any
* MT-CSFB calls were Paged by the MSC via SGs, and hence are not listed in the BSC. */
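Review bot: When `conn->bsub` is NULL the new guard skips `paging_request_stop()` without leaving any trace, and because `paged_from_msc` stays NULL the message then takes the `if (!paged_from_msc)` branch below, so a Paging Response whose Mobile Identity failed to parse is handled exactly like a legitimate unsolicited (MT-CSFB) one. This input comes from the MS and has already crashed a BSC in the field, so the NULL case deserves a notice-level log line or counter that lets operators see malformed responses, plus a comment on the guard such as `/* bsub is NULL if the Mobile Identity IE could not be parsed; paging_request_stop() requires a non-NULL subscriber */`. Whether picking any MSC for such a connection is acceptable cannot be judged from the visible lines; the commit message suggests rejecting the conn is the intended long-term behaviour. bsc_compl_l3() starts and ends outside this hunk.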