[#227] Fix the crash when both EBT/PTI are 0

2019-07-21 12:20:26 +09:00 · 2019-07-21 12:20:26 +09:00 · 9f4204ef8e
parent 60c0eff085
commit 9f4204ef8e
2 changed files with 17 additions and 6 deletions
--- a/src/mme/mme-context.c
+++ b/src/mme/mme-context.c
@ -30,6 +30,7 @@

 #include "app/context.h"
 #include "nas-conv.h"
+#include "nas-path.h"
 #include "mme-context.h"
 #include "mme-event.h"
 #include "mme-timer.h"
@ -2627,7 +2628,7 @@ mme_bearer_t *mme_bearer_find_or_add_by_message(
    pti = message->esm.h.procedure_transaction_identity;
    ebi = message->esm.h.eps_bearer_identity;

-    ogs_trace("mme_bearer_find_or_add_by_message() [PTI:%d, EBI:%d]",
+    ogs_debug("mme_bearer_find_or_add_by_message() [PTI:%d, EBI:%d]",
            pti, ebi);

    if (ebi != NAS_EPS_BEARER_IDENTITY_UNASSIGNED) {
@ -2635,11 +2636,16 @@ mme_bearer_t *mme_bearer_find_or_add_by_message(
        ogs_assert(bearer);
        return bearer;
    }
-        
-    ogs_assert(pti != NAS_PROCEDURE_TRANSACTION_IDENTITY_UNASSIGNED);

-    if (message->esm.h.message_type == NAS_PDN_CONNECTIVITY_REQUEST)
-    {
+    if (pti == NAS_PROCEDURE_TRANSACTION_IDENTITY_UNASSIGNED) {
+        ogs_error("Both PTI[%d] and EBI[%d] are 0", pti, ebi);
+        nas_send_attach_reject(mme_ue,
+            EMM_CAUSE_SEMANTICALLY_INCORRECT_MESSAGE,
+            ESM_CAUSE_PROTOCOL_ERROR_UNSPECIFIED);
+        return NULL;
+    }
+
+    if (message->esm.h.message_type == NAS_PDN_CONNECTIVITY_REQUEST) {
        nas_pdn_connectivity_request_t *pdn_connectivity_request =
            &message->esm.pdn_connectivity_request;
        if (pdn_connectivity_request->presencemask &
--- a/src/mme/mme-sm.c
+++ b/src/mme/mme-sm.c
@ -296,7 +296,12 @@ void mme_state_operational(ogs_fsm_t *s, mme_event_t *e)
        ogs_assert(nas_esm_decode(&nas_message, pkbuf) == OGS_OK);

        bearer = mme_bearer_find_or_add_by_message(mme_ue, &nas_message);
-        ogs_assert(bearer);
+        if (!bearer) {
+            ogs_error("mme_bearer_find_or_add_by_message() failed");
+            ogs_pkbuf_free(pkbuf);
+            break;
+        }
+
        sess = bearer->sess;
        ogs_assert(sess);
        default_bearer = mme_default_bearer_in_sess(sess);