paulmataruso/osmo-msc
1
0
Fork 0
mirror of https://gitea.osmocom.org/cellular-infrastructure/osmo-msc.git synced 2025-11-02 21:13:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

vlr: Stop silent call before deduping subscribers

Browse Source 
Before this fix, A use count mismatch could be reached by:

* Completing a location updating procedure with TMSI.
* Disconnecting from the BTS.
* Starting a silent call from the MSC.
* Registering again with the same IMSI but a different TMSI.

This would cause the a new subscriber to be created without
the silent call use count, which in turn would cause the
assert in `vlr_subscr_put` in `trans_free` to fail with use count of -1.

Change-Id: If23f8b0e42d4a3a8bf1c8f5ca81b045834b6cccd
This commit is contained in:
Matan Perelman
2025-09-18 12:45:57 +03:00
committed by osmith
parent 7fd46c7f4d
commit 81cbad69c9
3 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/osmocom/msc/silent_call.h
View File

@@ -10,6 +10,7 @@ int gsm_silent_call_start(struct vlr_subscr *vsub,
struct vty *vty);
extern int gsm_silent_call_stop(struct vlr_subscr *vsub);
extern int gsm_silent_call_is_ongoing(struct vlr_subscr *vsub);
void trans_silent_call_free(struct gsm_trans *trans);

10
src/libmsc/silent_call.c
View File

@@ -186,3 +186,13 @@ int gsm_silent_call_stop(struct vlr_subscr *vsub)
trans_free(trans);
return 0;
}
/* Does the subscriber have an ongoing silent call transaction? */
int gsm_silent_call_is_ongoing(struct vlr_subscr *vsub)
{
struct msc_a *msc_a = msc_a_for_vsub(vsub, true);
if (!msc_a)
return false;
return trans_find_by_type(msc_a, TRANS_SILENT_CALL) != NULL;
}

7
src/libvlr/vlr.c
View File

@@ -36,6 +36,7 @@
#include <osmocom/vlr/vlr.h>
#include <osmocom/gsupclient/gsup_client_mux.h>
#include <osmocom/msc/paging.h>
#include <osmocom/msc/silent_call.h>
#include <netinet/in.h>
#include <arpa/inet.h>
@@ -642,6 +643,12 @@ void vlr_subscr_set_imsi(struct vlr_subscr *vsub, const char *imsi)
if (!strcmp(vsub->imsi, imsi))
return;
/* If the same subscriber has silent call (probably pending) stop the silent call to prevent
* use count mismatch when freeing the transaction. */
exists = vlr_subscr_find_by_imsi(vsub->vlr, imsi, NULL);
if (gsm_silent_call_is_ongoing(exists))
gsm_silent_call_stop(exists);
/* We've just learned about this new IMSI, our primary key in the VLR. make sure to invalidate any prior VLR
* entries for this IMSI. */
exists = vlr_subscr_find_by_imsi(vsub->vlr, imsi, NULL);