fixeria has submitted this change. ( https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36613?usp=email )

Change subject: fixup: sgsn: fix unused param in f_routing_area_update()
......................................................................

fixup: sgsn: fix unused param in f_routing_area_update()

In 1ee1edd2 I changed f_routing_area_update() to actually use the
given RAI as Old RAI in the Routing Area Update Request.  Not only
did this break the testcase scenario (Old RAI shall remain unchanged!),
but it also started triggering a use-after-free bug in osmo-sgsn.

Passing 'ran_index := 1' is enough for the second Routing Area Update
Request to show up with a different RAI (at BSSGP level), however the
Old RAI IE shall obviously indicate the *old* RAI, not the new one.

A follow-up commit will add a separate testcase to reproduce the
use-after-free problem in osmo-sgsn.

Change-Id: Ib16985cb08834a238ca4f7a747c43097f430ed6f
Fixes: 1ee1edd2 "sgsn: fix unused param in f_routing_area_update()"
Related: OS#6439
---
M sgsn/SGSN_Tests.ttcn
1 file changed, 24 insertions(+), 1 deletion(-)

Approvals:
  Jenkins Builder: Verified
  pespin: Looks good to me, but someone else must approve
  fixeria: Looks good to me, approved




diff --git a/sgsn/SGSN_Tests.ttcn b/sgsn/SGSN_Tests.ttcn
index 67e815b..0371e29 100644
--- a/sgsn/SGSN_Tests.ttcn
+++ b/sgsn/SGSN_Tests.ttcn
@@ -2734,7 +2734,7 @@
        f_bssgp_client_register(g_pars.imsi, g_pars.tlli, BSSGP_PROC[1]);

        log("sending second RAU via different RA");
-       f_routing_area_update(f_cellid_to_RAI(g_pars.bssgp_cell_id[1]), 
ran_index := 1);
+       f_routing_area_update(old_ra := g_pars.ra, ran_index := 1);

        f_detach_mo(c_GMM_DTT_MO_GPRS, true, true, 1);
 }
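
Review bot: The new call `f_routing_area_update(old_ra := g_pars.ra, ran_index := 1);` has no comment explaining why the Old RAI stays at `g_pars.ra` while the request goes out via the second cell, and that is exactly the detail 1ee1edd2 got wrong. A one-line comment above the call, for example `/* Old RAI IE must still indicate the RA we attached in; only the BSSGP-level RAI changes with ran_index := 1 */`, would keep a later cleanup from "fixing" it back to `f_cellid_to_RAI(g_pars.bssgp_cell_id[1])`. Also note that the diffstat lists 24 insertions while this hunk shows a single added line, so the definition of the `old_ra` parameter and its default are not visible here and should be checked alongside this call.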

--
To view, visit https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36613?usp=email
To unsubscribe, or for help writing mail filters, visit 
https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-ttcn3-hacks
Gerrit-Branch: master
Gerrit-Change-Id: Ib16985cb08834a238ca4f7a747c43097f430ed6f
Gerrit-Change-Number: 36613
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria <vyanits...@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <vyanits...@sysmocom.de>
Gerrit-Reviewer: pespin <pes...@sysmocom.de>
Gerrit-MessageType: merged
