fix paging response parsing for phase1 phones (classmar2 can be less than 4 bytes in length)
diff --git a/include/openbsc/gsm_04_08.h b/include/openbsc/gsm_04_08.h
index 728d39a..d9f6ec3 100644
--- a/include/openbsc/gsm_04_08.h
+++ b/include/openbsc/gsm_04_08.h
@@ -113,16 +113,6 @@
u_int8_t t3212;
} __attribute__ ((packed));
-/* Section 9.1.25 PAGING RESPONSE */
-struct gsm48_paging_response {
- u_int8_t spare:4,
- cipher_keyt_seq:4;
- /* length + 3 bytes */
- u_int32_t classmark2;
- u_int8_t mi_len;
- u_int8_t mi[0];
-} __attribute__ ((packed));
-
/* Section 9.2.9 CM service request */
struct gsm48_service_request {
u_int8_t cm_service_type : 4,
diff --git a/src/gsm_04_08.c b/src/gsm_04_08.c
index ac9a262..0549076 100644
--- a/src/gsm_04_08.c
+++ b/src/gsm_04_08.c
@@ -876,15 +876,15 @@
static int gsm48_rr_rx_pag_resp(struct msgb *msg)
{
struct gsm48_hdr *gh = msgb_l3(msg);
- struct gsm48_paging_response *pr =
- (struct gsm48_paging_response *) gh->data;
- u_int8_t mi_type = pr->mi[0] & GSM_MI_TYPE_MASK;
+ u_int8_t *classmark2_lv = gh->data + 1;
+ u_int8_t *mi_lv = gh->data + 2 + *classmark2_lv;
+ u_int8_t mi_type = mi_lv[1] & GSM_MI_TYPE_MASK;
char mi_string[MI_SIZE];
struct gsm_subscriber *subscr;
struct paging_signal_data sig_data;
int rc = 0;
- mi_to_string(mi_string, sizeof(mi_string), &pr->mi[0], pr->mi_len);
+ mi_to_string(mi_string, sizeof(mi_string), mi_lv+1, *mi_lv);
DEBUGP(DRR, "PAGING RESPONSE: mi_type=0x%02x MI(%s)\n",
mi_type, mi_string);
switch (mi_type) {
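Review bot: The new pointer arithmetic `mi_lv = gh->data + 2 + *classmark2_lv` and the dereferences `mi_lv[1]` and `*mi_lv` are never bounded by the received L3 length, so a short or malformed PAGING RESPONSE with a large classmark2 length octet makes the parser (and `mi_to_string`) read past the end of the message buffer. Both length octets come straight from the air interface, and the old struct-based code had the same gap, which this commit does not close. Note also that `mi_lv[1]` is read before the MI length is checked, so an MI length of 0 still reads one octet beyond the LV. I would check `msgb_l3len(msg)` against the header size, the classmark2 length and the MI length before computing `mi_lv` and `mi_type`, returning an error in the file's usual convention otherwise (sketch below; I am assuming `msgb_l3len()` is available in this tree). The function's body continues past the end of the hunk.
```c
static int gsm48_rr_rx_pag_resp(struct msgb *msg)
{
	struct gsm48_hdr *gh = msgb_l3(msg);
	u_int8_t *classmark2_lv = gh->data + 1;
	u_int8_t *mi_lv;
	u_int8_t mi_type;
	unsigned int payload_len;
	/* … unchanged: mi_string, subscr, sig_data, rc declarations … */

	/* Octets after the 04.08 header: KSN/spare, classmark2 LV, MI LV.
	 * Both length octets come from the air interface, so bound every
	 * access by what was actually received. */
	if (msgb_l3len(msg) < sizeof(*gh) + 2)
		return -1; /* use the file's usual error value */
	payload_len = msgb_l3len(msg) - sizeof(*gh);
	if (payload_len < 2u + *classmark2_lv + 1u)
		return -1;
	mi_lv = gh->data + 2 + *classmark2_lv;
	if (*mi_lv < 1 || payload_len < 2u + *classmark2_lv + 1u + *mi_lv)
		return -1;
	mi_type = mi_lv[1] & GSM_MI_TYPE_MASK;

	mi_to_string(mi_string, sizeof(mi_string), mi_lv+1, *mi_lv);
	/* … unchanged: DEBUGP and switch on mi_type … */
```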