From 89009751ea7ceda542c254633f4ceef23b3f8f90 Mon Sep 17 00:00:00 2001
From: Holger Hans Peter Freyther <holger@moiji-mobile.com>
Date: Thu, 16 Nov 2017 17:11:28 +0100
Subject: mobile: Avoid msg_ref going out of sync

It seemed like msg_ref could go out of sync. In some places we are
using sms->msg_ref in other cases we pass it as parameter (e.g. when
sending the SMS) or we get it out of the gsm411_rp_hdr.

Instead of hardcoding 42 for all messages make it configurable and
pass the parameter from the caller.

Change-Id: I4bac5f06921b5fd85a98d97770d42d4858ca1c42
---
 .../layer23/include/osmocom/bb/mobile/gsm411_sms.h    |  3 +--
 src/host/layer23/src/mobile/gsm411_sms.c              | 19 +++++++++----------
 src/host/layer23/src/mobile/vty_interface.c           |  2 +-
 3 files changed, 11 insertions(+), 13 deletions(-)

diff --git a/src/host/layer23/include/osmocom/bb/mobile/gsm411_sms.h b/src/host/layer23/include/osmocom/bb/mobile/gsm411_sms.h
index d14e6db8..0d0578a3 100644
--- a/src/host/layer23/include/osmocom/bb/mobile/gsm411_sms.h
+++ b/src/host/layer23/include/osmocom/bb/mobile/gsm411_sms.h
@@ -11,7 +11,6 @@ struct gsm_sms {
 	uint8_t ud_hdr_ind;
 	uint8_t protocol_id;
 	uint8_t data_coding_scheme;
-	uint8_t msg_ref;
 	char address[20+1];	/* DA LV is 12 bytes max, i.e. 10 bytes
 				 * BCD == 20 bytes string */
 	time_t time;
@@ -28,6 +27,6 @@ void sms_free(struct gsm_sms *sms);
 struct gsm_sms *sms_from_text(const char *receiver, int dcs, const char *text);
 int gsm411_rcv_sms(struct osmocom_ms *ms, struct msgb *msg);
 int sms_send(struct osmocom_ms *ms, const char *sms_sca, const char *number,
-	const char *text);
+	const char *text, uint8_t msg_ref);
 
 #endif /* _GSM411_SMS_H */
diff --git a/src/host/layer23/src/mobile/gsm411_sms.c b/src/host/layer23/src/mobile/gsm411_sms.c
index 1b102622..73fad84f 100644
--- a/src/host/layer23/src/mobile/gsm411_sms.c
+++ b/src/host/layer23/src/mobile/gsm411_sms.c
@@ -221,7 +221,7 @@ fail:
 
 /* process an incoming TPDU (called from RP-DATA)
  * return value > 0: RP CAUSE for ERROR; < 0: silent error; 0 = success */
-static int gsm340_rx_tpdu(struct gsm_trans *trans, struct msgb *msg)
+static int gsm340_rx_tpdu(struct gsm_trans *trans, struct msgb *msg, uint8_t msg_ref)
 {
 	uint8_t *smsp = msgb_sms(msg);
 	struct gsm_sms *gsms;
@@ -296,7 +296,7 @@ static int gsm340_rx_tpdu(struct gsm_trans *trans, struct msgb *msg)
 	LOGP(DLSMS, LOGL_INFO, "RX SMS: MTI: 0x%02x, "
 	     "MR: 0x%02x PID: 0x%02x, DCS: 0x%02x, OA: %s, "
 	     "UserDataLength: 0x%02x, UserData: \"%s\"\n",
-	     sms_mti, gsms->msg_ref,
+	     sms_mti, msg_ref,
 	     gsms->protocol_id, gsms->data_coding_scheme, gsms->address,
 	     gsms->user_data_len,
 			sms_alphabet == DCS_7BIT_DEFAULT ? gsms->text :
@@ -377,7 +377,7 @@ static int gsm411_rx_rp_ud(struct msgb *msg, struct gsm_trans *trans,
 	LOGP(DLSMS, LOGL_INFO, "TPDU(%li,%s)\n", msg->tail-msg->l4h,
 		osmo_hexdump(msg->l4h, msg->tail-msg->l4h));
 
-	rc = gsm340_rx_tpdu(trans, msg);
+	rc = gsm340_rx_tpdu(trans, msg, rph->msg_ref);
 	if (rc == 0)
 		return gsm411_send_rp_ack(trans, rph->msg_ref);
 	else if (rc > 0)
@@ -528,7 +528,7 @@ static int gsm411_rx_rl_report(struct msgb *msg, struct gsm48_hdr *gh,
 
 /* generate a msgb containing a TPDU derived from struct gsm_sms,
  * returns total size of TPDU */
-static int gsm340_gen_tpdu(struct msgb *msg, struct gsm_sms *sms)
+static int gsm340_gen_tpdu(struct msgb *msg, struct gsm_sms *sms, uint8_t msg_ref)
 {
 	uint8_t *smsp;
 	uint8_t da[12];	/* max len per 03.40 */
@@ -559,7 +559,7 @@ static int gsm340_gen_tpdu(struct msgb *msg, struct gsm_sms *sms)
 
 	/* generate message ref */
 	smsp = msgb_put(msg, 1);
-	*smsp = sms->msg_ref;
+	*smsp = msg_ref;
 
 	/* generate destination address */
 	if (sms->address[0] == '+')
@@ -620,12 +620,11 @@ static int gsm340_gen_tpdu(struct msgb *msg, struct gsm_sms *sms)
 
 /* Take a SMS in gsm_sms structure and send it. */
 static int gsm411_tx_sms_submit(struct osmocom_ms *ms, const char *sms_sca,
-	struct gsm_sms *sms)
+	struct gsm_sms *sms, uint8_t msg_ref)
 {
 	struct msgb *msg;
 	struct gsm_trans *trans;
 	uint8_t *data, *rp_ud_len;
-	uint8_t msg_ref = 42;
 	int rc;
 	int transaction_id;
 	uint8_t sca[11];	/* max len per 03.40 */
@@ -689,7 +688,7 @@ error:
 	rp_ud_len = (uint8_t *)msgb_put(msg, 1);
 
 	/* generate the 03.40 TPDU */
-	rc = gsm340_gen_tpdu(msg, sms);
+	rc = gsm340_gen_tpdu(msg, sms, msg_ref);
 	if (rc < 0)
 		goto error;
 	*rp_ud_len = rc;
@@ -703,14 +702,14 @@ error:
 
 /* create and send SMS */
 int sms_send(struct osmocom_ms *ms, const char *sms_sca, const char *number,
-	const char *text)
+	const char *text, uint8_t msg_ref)
 {
 	struct gsm_sms *sms = sms_from_text(number, 0, text);
 
 	if (!sms)
 		return -ENOMEM;
 
-	return gsm411_tx_sms_submit(ms, sms_sca, sms);
+	return gsm411_tx_sms_submit(ms, sms_sca, sms, msg_ref);
 }
 
 /*
diff --git a/src/host/layer23/src/mobile/vty_interface.c b/src/host/layer23/src/mobile/vty_interface.c
index d11f625a..5a47736a 100644
--- a/src/host/layer23/src/mobile/vty_interface.c
+++ b/src/host/layer23/src/mobile/vty_interface.c
@@ -947,7 +947,7 @@ DEFUN(sms, sms_cmd, "sms MS_NAME NUMBER .LINE",
 	if (vty_check_number(vty, number))
 		return CMD_WARNING;
 
-	sms_send(ms, sms_sca, number, argv_concat(argv, argc, 2));
+	sms_send(ms, sms_sca, number, argv_concat(argv, argc, 2), 42);
 
 	return CMD_SUCCESS;
 }
-- 
cgit v1.2.3