gprs: Fix GSUP cancel_type handling (Coverity)
When handling an incoming GSUP cancellation request, the cancel_type
is effectively ignored, such that it is always handled as
GPRS_GSUP_CANCEL_TYPE_UPDATE and never as WITHDRAW.
This commit fixes the expression used to set the variable
is_update_procedure.
Fixes: Coverity CID 1267739
Sponsored-by: On-Waves ehf
diff --git a/openbsc/src/gprs/gprs_subscriber.c b/openbsc/src/gprs/gprs_subscriber.c
index 8486834..e3da0f8 100644
--- a/openbsc/src/gprs/gprs_subscriber.c
+++ b/openbsc/src/gprs/gprs_subscriber.c
@@ -492,7 +492,8 @@
struct gprs_gsup_message *gsup_msg)
{
struct gprs_gsup_message gsup_reply = {0};
- int is_update_procedure = !gsup_msg->cancel_type || gsup_msg->cancel_type;
+ int is_update_procedure = !gsup_msg->cancel_type ||
+ gsup_msg->cancel_type == GPRS_GSUP_CANCEL_TYPE_UPDATE;
LOGGSUBSCRP(LOGL_INFO, subscr, "Cancelling MS subscriber (%s)\n",
is_update_procedure ?
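Review bot: Any `cancel_type` that is neither zero nor `GPRS_GSUP_CANCEL_TYPE_UPDATE` now selects the non-update branch, so an unexpected value in a received GSUP message would presumably be handled as a withdrawal. Because the field is filled from network input, consider matching the withdraw case explicitly, e.g. `int is_withdraw = gsup_msg->cancel_type == GPRS_GSUP_CANCEL_TYPE_WITHDRAW;`, and logging any other non-zero value instead of acting on it silently. The `!gsup_msg->cancel_type` term would also benefit from a comment such as `/* 0: cancel type IE not present, treated as update */`, if that is the intended meaning. The function starts and ends outside this hunk, so any range check done by the decoder is not visible here.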
diff --git a/openbsc/tests/sgsn/sgsn_test.c b/openbsc/tests/sgsn/sgsn_test.c
index 6fc4f99..197be9d 100644
--- a/openbsc/tests/sgsn/sgsn_test.c
+++ b/openbsc/tests/sgsn/sgsn_test.c
@@ -440,6 +440,12 @@
0x06, 0x01, 0x00,
};
+ static const uint8_t location_cancellation_req_withdraw[] = {
+ 0x1c,
+ TEST_GSUP_IMSI1_IE,
+ 0x06, 0x01, 0x01,
+ };
+
static const uint8_t location_cancellation_req_other[] = {
0x1c,
0x01, 0x05, 0x11, 0x11, 0x11, 0x11, 0x01,
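Review bot: The new `location_cancellation_req_withdraw` array differs from the preceding request only in its last byte (`0x01` instead of `0x00`), and nothing in the fixture says what that byte encodes. A short comment on the last row, for example `/* cancel type IE: tag 0x06, len 1, value 0x01 (withdraw) */`, would make the test data readable without the GSUP specification at hand; the tag meaning is inferred from the array names and should be confirmed against the decoder.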
@@ -582,6 +588,12 @@
OSMO_ASSERT(s1->flags & GPRS_SUBSCRIBER_CANCELLED);
OSMO_ASSERT(s1->sgsn_data->mm == NULL);
+ /* Inject LocCancelReq(withdraw) GSUP message */
+ rc = rx_gsup_message(location_cancellation_req_withdraw,
+ sizeof(location_cancellation_req_withdraw));
+ OSMO_ASSERT(rc >= 0);
+ OSMO_ASSERT(s1->sgsn_data->error_cause == GMM_CAUSE_IMPL_DETACHED);
+
/* Inject PurgeMsRes GSUP message */
rc = rx_gsup_message(purge_ms_res,
sizeof(purge_ms_res));
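Review bot: The new assertion on `error_cause` does not establish that the withdraw message is what set it, because the value is never checked before `location_cancellation_req_withdraw` is injected. Adding `OSMO_ASSERT(s1->sgsn_data->error_cause != GMM_CAUSE_IMPL_DETACHED);` just before the injection would make the test fail if the update path ever produced the same cause, which is the regression this commit guards against. The request is also injected after the subscriber is already flagged `GPRS_SUBSCRIBER_CANCELLED` with `mm == NULL`, so only the path without an MM context is covered. The test function starts and ends outside this hunk.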