diff options
-rw-r--r-- | msc/MSC_Tests.ttcn | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/msc/MSC_Tests.ttcn b/msc/MSC_Tests.ttcn index 2fad7b44..5bf199c0 100644 --- a/msc/MSC_Tests.ttcn +++ b/msc/MSC_Tests.ttcn @@ -6801,6 +6801,32 @@ testcase TC_call_re_establishment_ciph() runs on MTC_CT { vc_conn2.done; } +/* Establish a conn with a valid Mobile Identity. Then send a CM Service Request containing a mismatching Mobile + * Identity on the same conn. Caused a crash, see OS#5532. */ +friend function f_tc_cm_serv_wrong_mi(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr { + f_init_handler(pars); + + /* Set up a fully identified conn */ + f_perform_lu(); + f_establish_fully(); + + /* CM Serv Req with mismatching Mobile Identity */ + var MobileIdentityLV mi := valueof(ts_MI_IMSI_LV(f_gen_imsi(99999))); /* ensure it is different from below*/ + BSSAP.send(ts_PDU_DTAP_MO(ts_CM_SERV_REQ(CM_TYPE_MO_SMS, mi))); + BSSAP.receive(tr_PDU_DTAP_MT(tr_CM_SERV_REJ)); + + /* Cancel the first CM Service from f_establish_fully() */ + BSSAP.send(ts_BSSMAP_ClearRequest(0)); + + f_expect_clear(); +} +testcase TC_cm_serv_wrong_mi() runs on MTC_CT { + var BSC_ConnHdlr vc_conn; + f_init(); + vc_conn := f_start_handler(refers(f_tc_cm_serv_wrong_mi), 94); + vc_conn.done; +} + control { execute( TC_cr_before_reset() ); execute( TC_lu_imsi_noauth_tmsi() ); @@ -6963,6 +6989,8 @@ control { execute( TC_call_re_establishment() ); execute( TC_call_re_establishment_auth() ); execute( TC_call_re_establishment_ciph() ); + + execute( TC_cm_serv_wrong_mi() ); } |