Bug #2864

OsmoMSC is crashing/asserting if IMSI length too long

Added by laforge 6 months ago. Updated 20 days ago.

Status: In Progress
Priority: High
Assignee:
Category: A interface (general)
Target version: -
Start date: 01/23/2018
Due date:
% Done: 20%
Estimated time:
Resolution:

Description

When we send an ID RESPONSE with IMSI longer than 15 digits, OsmoMSC will crash/abort as follows:

Assert failed bcd_len <= sizeof(bcd_buf) gsup.c:494
backtrace() returned 25 addresses
/usr/local/stow/libosmocore/lib/libosmogsm.so.8(osmo_gsup_encode+0x1183) [0x7efd0bbf0163]

see attached pcap file.

History

#1 Updated by msuraev 6 months ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 10

Related gerrit 6009 was sent for review.

#2 Updated by msuraev 5 months ago

  • % Done changed from 10 to 20

Related gerrit 6197, 6009 are merged, 6010 is under review.

#3 Updated by msuraev 5 months ago

Is there some way to trigger this crash easily?

#4 Updated by laforge 5 months ago

On Mon, Feb 05, 2018 at 03:38:12PM +0000, msuraev [REDMINE] wrote:

Is there some way to trigger this crash easily?

Just send a too long IMSI from any of the TTCN3 test cases.

#5 Updated by msuraev 5 months ago

  • Status changed from In Progress to Stalled

Related gerrit 6388, 6460, 6475, 6484 are under review. Alternatively/in addition to it we should implement this in TTCN3.

#6 Updated by laforge 5 months ago

  • Assignee changed from msuraev to stsp

#7 Updated by laforge 22 days ago

  • Status changed from Stalled to New

#8 Updated by stsp 21 days ago

Note that overlong IMSIs are currently still being accepted by osmo-msc and are silently truncated.
This behaviour does not seem reasonable. I have proposed a patch at https://gerrit.osmocom.org/#/c/osmo-msc/+/9739

#10 Updated by stsp 20 days ago

  • Status changed from New to In Progress
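
The two failure modes discussed in this ticket (an assert on a peer-controlled length, and silent truncation) can both be avoided by rejecting an overlong IMSI with an error before it reaches a fixed-size BCD buffer. The following is an added example, not code from OsmoMSC or libosmocore; the function name, the error codes and the swapped-nibble packing with a 0xF filler are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMSI_MAX_DIGITS 15 /* limit named in the bug description */

enum { IMSI_ERR_EMPTY = -1, IMSI_ERR_TOO_LONG = -2, IMSI_ERR_DIGIT = -3, IMSI_ERR_SPACE = -4 };

/* Hypothetical helper: pack a peer-supplied IMSI digit string into
 * swapped-nibble BCD. Returns the number of bytes written, or a negative
 * error. Overlong input is rejected: no truncation, no assert on peer data. */
int imsi_to_bcd(uint8_t *out, size_t out_size, const char *imsi)
{
	size_t len = strlen(imsi);
	size_t i, need;

	if (len == 0)
		return IMSI_ERR_EMPTY;
	if (len > IMSI_MAX_DIGITS)
		return IMSI_ERR_TOO_LONG;
	for (i = 0; i < len; i++)
		if (imsi[i] < '0' || imsi[i] > '9')
			return IMSI_ERR_DIGIT;
	need = (len + 1) / 2;
	if (need > out_size)
		return IMSI_ERR_SPACE;
	for (i = 0; i < need; i++) {
		uint8_t lo = (uint8_t)(imsi[2 * i] - '0');
		/* odd digit count: pad the last high nibble with the filler 0xF */
		uint8_t hi = (2 * i + 1 < len) ? (uint8_t)(imsi[2 * i + 1] - '0') : 0x0f;
		out[i] = (uint8_t)((hi << 4) | lo);
	}
	return (int)need;
}

int main(void)
{
	/* Constructed sample values, not taken from the attached pcap. */
	const char *samples[] = { "001010123456789", "0010101234567890" };
	uint8_t buf[8];
	size_t i;

	for (i = 0; i < 2; i++)
		printf("%s -> %d\n", samples[i], imsi_to_bcd(buf, sizeof(buf), samples[i]));
	return 0;
}
```

The caller is expected to treat any negative return as a protocol error for that subscriber transaction rather than continuing with a shortened identity.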
