aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPau Espin Pedrol <pespin@sysmocom.de>2018-11-22 17:25:49 +0100
committerdaniel <dwillmann@sysmocom.de>2018-11-26 10:47:35 +0000
commit8b67202ef6725a0292e878a4625ad634261abd69 (patch)
treec3e9986159a51627a3504455c483f11a7d93ed52
parent82f8846464301cda2bf827ee94d3f5c2f30aff37 (diff)
gbproxy: Fix abort during APN patch
gbproxy process was aborted with following message during APN patching: <000e> gb_proxy_patch.c:129 Patching ACT_PDP_REQ to SGSN: Replacing APN 'foo' -> 'bar' msgb(0x5555558797d0): Sub area is not fully contained in the msg data During osmo-sgsn 107fb59e84b12bbf6bdfdd4fc241dbcda7332706 old copy of gprs_msgb_resize_area was replaced by more modern libosmocore version called msgb_resize_area. They are mostly identical but the later has some extra verification asserts. One of this asserts was triggering the process abort, but the bug has always been there as far as I could see in git history. The assert triggers because the bssgp buffer and parse_ctx point to "stored_msg", while the data buffer comes from a different msbg "msg", which is clearly wrong behavior. In the modified line, "msg" (the one which provided the imsi now already stored in link_info through gbproxy_update_link_state_ul()->gbproxy_assign_imsi()) is really not needed anymore, and we want to patch the stored msg going to be forwarded. Related: SYS#4397 Change-Id: I7226fc5bcfbf58c349431d0a39cdb904fefd9e9c
-rw-r--r--src/gprs/gb_proxy.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/gprs/gb_proxy.c b/src/gprs/gb_proxy.c
index fe6a6c64f..85c3c4704 100644
--- a/src/gprs/gb_proxy.c
+++ b/src/gprs/gb_proxy.c
@@ -348,7 +348,7 @@ static int gbproxy_flush_stored_messages(struct gbproxy_peer *peer,
gprs_gb_parse_bssgp(msgb_bssgph(stored_msg),
msgb_bssgp_len(stored_msg),
&tmp_parse_ctx);
- gbproxy_patch_bssgp(msg, msgb_bssgph(stored_msg),
+ gbproxy_patch_bssgp(stored_msg, msgb_bssgph(stored_msg),
msgb_bssgp_len(stored_msg),
peer, link_info, &len_change,
&tmp_parse_ctx);