msc: add test for OS#5532: crash from CM Serv Rej

Reproduce the assertion trigger crashing osmo-msc reported in OS#5532,
i.e. a CM Service Request that contains a mismatching Mobile Identity.

Causes osmo-msc to crash with an assertion, so run it last.
Fix of the crash: I6c735b79b67108bcaadada3f01c7046e262f939b

Related: OS#5532
Depends: I6c735b79b67108bcaadada3f01c7046e262f939b (osmo-msc)
Change-Id: I3f84d00f456aaee578787059d7010c25efcdcf56

1 files changed, 28 insertions, 0 deletions

diff --git a/msc/MSC_Tests.ttcn b/msc/MSC_Tests.ttcn
index 2fad7b44..5bf199c0 100644
--- a/msc/MSC_Tests.ttcn
+++ b/msc/MSC_Tests.ttcn
@@ -6801,6 +6801,32 @@ testcase TC_call_re_establishment_ciph() runs on MTC_CT {
 	vc_conn2.done;
 }
 
+/* Establish a conn with a valid Mobile Identity. Then send a CM Service Request containing a mismatching Mobile
+ * Identity on the same conn. Caused a crash, see OS#5532. */
+friend function f_tc_cm_serv_wrong_mi(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
+	f_init_handler(pars);
+
+	/* Set up a fully identified conn */
+	f_perform_lu();
+	f_establish_fully();
+
+	/* CM Serv Req with mismatching Mobile Identity */
+	var MobileIdentityLV mi := valueof(ts_MI_IMSI_LV(f_gen_imsi(99999))); /* ensure it is different from below*/
+	BSSAP.send(ts_PDU_DTAP_MO(ts_CM_SERV_REQ(CM_TYPE_MO_SMS, mi)));
+	BSSAP.receive(tr_PDU_DTAP_MT(tr_CM_SERV_REJ));
+
+	/* Cancel the first CM Service from f_establish_fully() */
+	BSSAP.send(ts_BSSMAP_ClearRequest(0));
+
+	f_expect_clear();
+}
+testcase TC_cm_serv_wrong_mi() runs on MTC_CT {
+	var BSC_ConnHdlr vc_conn;
+	f_init();
+	vc_conn := f_start_handler(refers(f_tc_cm_serv_wrong_mi), 94);
+	vc_conn.done;
+}
+
 control {
 	execute( TC_cr_before_reset() );
 	execute( TC_lu_imsi_noauth_tmsi() );
@@ -6963,6 +6989,8 @@ control {
 	execute( TC_call_re_establishment() );
 	execute( TC_call_re_establishment_auth() );
 	execute( TC_call_re_establishment_ciph() );
+
+	execute( TC_cm_serv_wrong_mi() );
 }