From d7276bde55c8e7fff64fdec5de07f47ad1ac01cb Mon Sep 17 00:00:00 2001 From: Pau Espin Pedrol Date: Fri, 6 Sep 2019 21:34:31 +0200 Subject: sgsn: Reject PdpActReq if no GTP pdp ctx exists It could happen that SGSN drops GTP side of a pdp ctx (pdp->lib=NULL) while still maintaing the other side (to notify about the entire pdp ctx being torn down). If a PdpActReq arrives during that time, we need to account for that situation, otherwise osmo-sgsn crashes accessing pdp->lib. If no pdp->lib is found at that time, let's reject the request and expect at some point later in time the entire pdp context will be destroyed and reestablished. Related: OS#4173 Change-Id: I6dd87557ebb26fdbd280504abde10d976acecf64 --- src/sgsn/gprs_sm.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/sgsn/gprs_sm.c b/src/sgsn/gprs_sm.c index 8cf5c5d88..f8019ab6a 100644 --- a/src/sgsn/gprs_sm.c +++ b/src/sgsn/gprs_sm.c @@ -491,6 +491,11 @@ static int do_act_pdp_req(struct sgsn_mm_ctx *mmctx, struct msgb *msg, bool *del /* Check if NSAPI is already in use */ pdp = sgsn_pdp_ctx_by_nsapi(mmctx, act_req->req_nsapi); if (pdp) { + /* Make sure pdp ctx was not already torn down on GTP side */ + if (!pdp->lib) { + gsm_cause = GSM_CAUSE_REACT_RQD; + goto no_context; + } /* We already have a PDP context for this TLLI + NSAPI tuple */ if (pdp->sapi == act_req->req_llc_sapi && pdp->ti == transaction_id) { -- cgit v1.2.3