From 10ba47dd37951a4f572626c1a8df50242a4c47da Mon Sep 17 00:00:00 2001
From: Harald Welte <laforge@gnumonks.org>
Date: Mon, 18 Feb 2019 12:36:54 +0100
Subject: Fix BSSMAP length generated by gsm0808_create_clear_command2()

In Change-Id Id8a75e1da2d5f520064666e4ee413d1c91da6ae3 we recently
introduced adding the "CSFB INDICATOR" IE to the CLEAR COMMAND,
but we did so with a wrong length value.

Change-Id: I4d07d25fb03ca0f89fd7b94226c54309c77a010a
Closes: OS#3805
Related: OS#2778
---
 src/gsm/gsm0808.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/gsm/gsm0808.c')

diff --git a/src/gsm/gsm0808.c b/src/gsm/gsm0808.c
index 29072551..86b6c058 100644
--- a/src/gsm/gsm0808.c
+++ b/src/gsm/gsm0808.c
@@ -201,13 +201,19 @@ struct msgb *gsm0808_create_clear_command(uint8_t cause)
  *  \returns callee-allocated msgb with BSSMAP Clear Command message. */
 struct msgb *gsm0808_create_clear_command2(uint8_t cause, bool csfb_ind)
 {
-	struct msgb *msg = gsm0808_create_clear_command(cause);
+	struct msgb *msg = msgb_alloc_headroom(BSSMAP_MSG_SIZE, BSSMAP_MSG_HEADROOM,
+					       "bssmap: clear command");
 	if (!msg)
 		return NULL;
 
+	msgb_v_put(msg, BSS_MAP_MSG_CLEAR_CMD);
+	gsm0808_enc_cause(msg, cause);
+
 	if (csfb_ind)
 		msgb_v_put(msg, GSM0808_IE_CSFB_INDICATION);
 
+	msg->l3h = msgb_tv_push(msg, BSSAP_MSG_BSS_MANAGEMENT, msgb_length(msg));
+
 	return msg;
 }
 
-- 
cgit v1.2.3