1 files changed, 28 insertions, 0 deletions

diff --git a/msc/MSC_Tests.ttcn b/msc/MSC_Tests.ttcn
index 2fad7b44..5bf199c0 100644
--- a/msc/MSC_Tests.ttcn
+++ b/msc/MSC_Tests.ttcn
@@ -6801,6 +6801,32 @@ testcase TC_call_re_establishment_ciph() runs on MTC_CT {
 	vc_conn2.done;
 }
 
+/* Establish a conn with a valid Mobile Identity. Then send a CM Service Request containing a mismatching Mobile
+ * Identity on the same conn. Caused a crash, see OS#5532. */
+friend function f_tc_cm_serv_wrong_mi(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
+	f_init_handler(pars);
+
+	/* Set up a fully identified conn */
+	f_perform_lu();
+	f_establish_fully();
+
+	/* CM Serv Req with mismatching Mobile Identity */
+	var MobileIdentityLV mi := valueof(ts_MI_IMSI_LV(f_gen_imsi(99999))); /* ensure it is different from below*/
+	BSSAP.send(ts_PDU_DTAP_MO(ts_CM_SERV_REQ(CM_TYPE_MO_SMS, mi)));
+	BSSAP.receive(tr_PDU_DTAP_MT(tr_CM_SERV_REJ));
+
+	/* Cancel the first CM Service from f_establish_fully() */
+	BSSAP.send(ts_BSSMAP_ClearRequest(0));
+
+	f_expect_clear();
+}
+testcase TC_cm_serv_wrong_mi() runs on MTC_CT {
+	var BSC_ConnHdlr vc_conn;
+	f_init();
+	vc_conn := f_start_handler(refers(f_tc_cm_serv_wrong_mi), 94);
+	vc_conn.done;
+}
+
 control {
 	execute( TC_cr_before_reset() );
 	execute( TC_lu_imsi_noauth_tmsi() );
@@ -6963,6 +6989,8 @@ control {
 	execute( TC_call_re_establishment() );
 	execute( TC_call_re_establishment_auth() );
 	execute( TC_call_re_establishment_ciph() );
+
+	execute( TC_cm_serv_wrong_mi() );
 }