From eb52aad198323fd86fbffc3bab3be4e5d394b205 Mon Sep 17 00:00:00 2001 From: Neels Hofmeyr Date: Sat, 26 Nov 2016 13:37:55 +0100 Subject: IuPS: properly update ra_id on GMM Attach Request For new MM contexts, the ra_id was correctly obtained from the ue_ctx, but in case an MM ctx is re-used and the ra_id changed, the new ra_id was not copied to the MM context; instead, the ra_id was overwritten with uninitialized data. Always initialize the local ra_id variable from the ue_ctx->ra_id for Iu connections; it is used further below to update the ctx->ra_id. For the case of a brand new Iu MM ctx, the ctx->ra_id then gets initialized a second time. We could technically drop the init in sgsn_mm_ctx_alloc_iu(), but it doesn't hurt either way. Fixes: CID#57936 Change-Id: Ia06458758362e76925690b1757d8ced95e9609e4 --- openbsc/src/gprs/gprs_gmm.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'openbsc/src/gprs') diff --git a/openbsc/src/gprs/gprs_gmm.c b/openbsc/src/gprs/gprs_gmm.c index 1fc27846c..363b45766 100644 --- a/openbsc/src/gprs/gprs_gmm.c +++ b/openbsc/src/gprs/gprs_gmm.c @@ -65,10 +65,7 @@ #include #include #include - -#ifdef BUILD_IU #include -#endif #include @@ -1076,7 +1073,8 @@ static int gsm48_rx_gmm_att_req(struct sgsn_mm_ctx *ctx, struct msgb *msg, if (!msg->dst) { /* Gb mode */ cid = bssgp_parse_cell_id(&ra_id, msgb_bcid(msg)); - } + } else + ra_id = ((struct ue_conn_ctx*)msg->dst)->ra_id; /* MS network capability 10.5.5.12 */ msnc_len = *cur++; -- cgit v1.2.3
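Review bot: the first hunk (@@ -65,10 +65,7) drops the #ifdef BUILD_IU / #endif pair around an include, but the commit message does not mention it. The header is now pulled in for every build configuration. If the reason is that the new else branch in gsm48_rx_gmm_att_req() names struct ue_conn_ctx outside any BUILD_IU guard, say so in the commit message, and confirm that the header is available when the tree is built without Iu support, so that a Gb-only build does not break.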
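Review bot: in the second hunk (@@ -1076,7 +1073,8) the new else branch assigns ra_id but leaves cid untouched, since only the Gb branch sets it through bssgp_parse_cell_id(). This fix is itself about uninitialized data, so check that cid has an initializer at its declaration (not visible in these lines) or give it a defined value in the Iu branch. Two smaller points on the same lines: "} else" followed by an unbraced statement after a braced if is easy to misread, so brace both branches; and the cast of msg->dst to struct ue_conn_ctx * relies on a non-NULL dst always being an Iu UE context, which an /* Iu mode */ comment mirroring the existing /* Gb mode */ one would document.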