From 2521906537119671273f332d50c019b9ce8ac075 Mon Sep 17 00:00:00 2001 From: Vadim Yanitskiy Date: Tue, 21 Jan 2020 01:41:33 +0700 Subject: MSC: add a test case to check T3212 expiration during paging Long story short: some time ago I noticed that OsmoMSC crashes if T3212 expires during the Paging procedure. This is not the case anymore (as the test case shows) and apparently the bug has been fixed, hovewer I believe it makes sense to add this test case. Change-Id: If9147ae8b07d5120d2853b9acda2313910ac48be --- msc/MSC_Tests.ttcn | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) (limited to 'msc/MSC_Tests.ttcn') diff --git a/msc/MSC_Tests.ttcn b/msc/MSC_Tests.ttcn index ccfc154f..cf91b1e5 100644 --- a/msc/MSC_Tests.ttcn +++ b/msc/MSC_Tests.ttcn @@ -5896,6 +5896,44 @@ testcase TC_mm_id_resp_no_identity() runs on MTC_CT { vc_conn.done; } +/* Verify the case when T3212 expires during Paging procedure, just before the receipt + * of Paging Response. This used to provoke a NULL-pointer dereference in old versions + * of OsmoMSC, but apparently the bug has been fixed, and we're safe now. */ +friend function f_tc_lu_and_expire_while_paging(charstring id, BSC_ConnHdlrPars pars) +runs on BSC_ConnHdlr { + var charstring imsi := hex2str(pars.imsi); + + f_init_handler(pars); + + /* Perform location update */ + f_perform_lu(); + + f_ran_register_imsi(g_pars.imsi, g_pars.tmsi); + f_create_gsup_expect(hex2str(g_pars.imsi)); + + /* Initiate paging procedure from the VTY */ + f_vty_transceive(MSCVTY, "subscriber imsi " & imsi & " paging"); + f_expect_paging(); + + /* Emulate T3212 expiration during paging (we don't want to wait, right?) */ + f_vty_transceive(MSCVTY, "subscriber imsi " & imsi & " expire"); + + /* MS sends PAGING RESPONSE, *old* OsmoMSC crashes here... */ + f_establish_fully(EST_TYPE_PAG_RESP); + + /* The recent OsmoMSC keeps subscriber in its VLR unless the Paging is completed. + * In this case we do not send anything and just wait for a Clear Command. */ + f_expect_clear(); +} +testcase TC_lu_and_expire_while_paging() runs on MTC_CT { + var BSC_ConnHdlr vc_conn; + + f_init(); + + vc_conn := f_start_handler(refers(f_tc_lu_and_expire_while_paging), 7); + vc_conn.done; +} + control { execute( TC_cr_before_reset() ); execute( TC_lu_imsi_noauth_tmsi() ); @@ -6034,6 +6072,7 @@ control { } execute( TC_invalid_mgcp_crash() ); execute( TC_mm_id_resp_no_identity() ); + execute( TC_lu_and_expire_while_paging() ); } -- cgit v1.2.3