From e0ed7d949f3b647282848749381a2ddd1afdbb54 Mon Sep 17 00:00:00 2001
From: Max <msuraev@sysmocom.de>
Date: Thu, 4 Jan 2018 18:47:41 +0100
Subject: Fix RAI construction

The gsm48_construct_ra() expect 6-byte buffer while ra_id.digits is
3-byte buffer. The function fills in LAC and RAC as well so we should
pass entire struct, not just 'digits' part which only store MCC/MNC.

Related: OS#1640
Change-Id: I3bfda930012c792452f9fd695ed7acf46365f1df
Fixes: CID57877, CID57876
---
 src/gprs/gprs_gmm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/gprs/gprs_gmm.c b/src/gprs/gprs_gmm.c
index bc01681a1..77a553726 100644
--- a/src/gprs/gprs_gmm.c
+++ b/src/gprs/gprs_gmm.c
@@ -448,7 +448,7 @@ static int gsm48_tx_gmm_att_ack(struct sgsn_mm_ctx *mm)
 	aa->att_result = 1;	/* GPRS only */
 	aa->ra_upd_timer = gprs_secs_to_tmr_floor(sgsn->cfg.timers.T3312);
 	aa->radio_prio = 4;	/* lowest */
-	gsm48_construct_ra(aa->ra_id.digits, &mm->ra);
+	gsm48_construct_ra((uint8_t *)&aa->ra_id, &mm->ra);
 
 #if 0
 	/* Optional: P-TMSI signature */
@@ -1505,7 +1505,7 @@ static int gsm48_tx_gmm_ra_upd_ack(struct sgsn_mm_ctx *mm)
 	rua->upd_result = 0;	/* RA updated */
 	rua->ra_upd_timer = gprs_secs_to_tmr_floor(sgsn->cfg.timers.T3312);
 
-	gsm48_construct_ra(rua->ra_id.digits, &mm->ra);
+	gsm48_construct_ra((uint8_t *)&rua->ra_id, &mm->ra);
 
 #if 0
 	/* Optional: P-TMSI signature */
-- 
cgit v1.2.3