fix the SMF/PCRF crash when bearer > 8 (#1108)
This commit is contained in:
parent
acb4db5dd1
commit
7e5a5d7511
|
@ -1485,16 +1485,24 @@ static int install_flow(ogs_pcc_rule_t *pcc_rule,
|
|||
|
||||
/* Copy Flow to PCC Rule */
|
||||
for (j = 0; j < sub->num_of_flow; j++) {
|
||||
ogs_flow_t *rx_flow = &sub->flow[j];
|
||||
ogs_flow_t *gx_flow = &pcc_rule->flow[pcc_rule->num_of_flow];
|
||||
ogs_flow_t *rx_flow = NULL;
|
||||
ogs_flow_t *gx_flow = NULL;
|
||||
|
||||
rv = flow_rx_to_gx(rx_flow, gx_flow);
|
||||
if (rv != OGS_OK) {
|
||||
ogs_error("flow reformatting error");
|
||||
if (pcc_rule->num_of_flow < OGS_MAX_NUM_OF_FLOW) {
|
||||
rx_flow = &sub->flow[j];
|
||||
gx_flow = &pcc_rule->flow[pcc_rule->num_of_flow];
|
||||
|
||||
rv = flow_rx_to_gx(rx_flow, gx_flow);
|
||||
if (rv != OGS_OK) {
|
||||
ogs_error("flow reformatting error");
|
||||
return OGS_ERROR;
|
||||
}
|
||||
|
||||
pcc_rule->num_of_flow++;
|
||||
} else {
|
||||
ogs_error("Overflow: Number of Flow");
|
||||
return OGS_ERROR;
|
||||
}
|
||||
|
||||
pcc_rule->num_of_flow++;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -385,13 +385,10 @@ static int pcrf_rx_aar_cb( struct msg **msg, struct avp *avp,
|
|||
strlen(to_str));
|
||||
}
|
||||
} else {
|
||||
flow->description = ogs_malloc(
|
||||
hdr->avp_value->os.len+1);
|
||||
ogs_assert(flow->description);
|
||||
ogs_cpystrn(
|
||||
flow->description,
|
||||
flow->description = ogs_strndup(
|
||||
(char*)hdr->avp_value->os.data,
|
||||
hdr->avp_value->os.len+1);
|
||||
hdr->avp_value->os.len);
|
||||
ogs_assert(flow->description);
|
||||
}
|
||||
|
||||
sub->num_of_flow++;
|
||||
|
|
|
@ -631,7 +631,6 @@ static void smf_gx_cca_cb(void *data, struct msg **msg)
|
|||
ogs_diam_gx_message_t *gx_message = NULL;
|
||||
uint16_t gxbuf_len = 0;
|
||||
uint32_t cc_request_number = 0;
|
||||
smf_bearer_t *bearer = NULL;
|
||||
|
||||
ogs_debug("[Credit-Control-Answer]");
|
||||
|
||||
|
@ -1017,9 +1016,9 @@ static int smf_gx_rar_cb( struct msg **msg, struct avp *avp,
|
|||
smf_sess_t *sess = NULL;
|
||||
ogs_diam_gx_message_t *gx_message = NULL;
|
||||
ogs_pcc_rule_t *pcc_rule = NULL;
|
||||
smf_bearer_t *bearer = NULL;
|
||||
|
||||
uint32_t result_code = OGS_DIAM_UNKNOWN_SESSION_ID;
|
||||
int error = 0;
|
||||
|
||||
ogs_assert(msg);
|
||||
|
||||
|
@ -1084,9 +1083,16 @@ static int smf_gx_rar_cb( struct msg **msg, struct avp *avp,
|
|||
pcc_rule = &gx_message->session_data.pcc_rule
|
||||
[gx_message->session_data.num_of_pcc_rule];
|
||||
|
||||
rv = decode_pcc_rule_definition(pcc_rule, avpch1, NULL);
|
||||
rv = decode_pcc_rule_definition(
|
||||
pcc_rule, avpch1, &error);
|
||||
ogs_assert(rv == OGS_OK);
|
||||
|
||||
if (error) {
|
||||
ogs_error("decode_pcc_rule_definition() failed");
|
||||
result_code = OGS_DIAM_GX_DIAMETER_PCC_RULE_EVENT;
|
||||
goto out;
|
||||
}
|
||||
|
||||
pcc_rule->type = OGS_PCC_RULE_TYPE_INSTALL;
|
||||
gx_message->session_data.num_of_pcc_rule++;
|
||||
} else {
|
||||
|
@ -1303,16 +1309,14 @@ static int decode_pcc_rule_definition(
|
|||
if (avpch3) {
|
||||
ret = fd_msg_avp_hdr(avpch3, &hdr);
|
||||
ogs_assert(ret == 0);
|
||||
flow->description = ogs_malloc(hdr->avp_value->os.len+1);
|
||||
flow->description = ogs_strndup(
|
||||
(char*)hdr->avp_value->os.data, hdr->avp_value->os.len);
|
||||
ogs_assert(flow->description);
|
||||
ogs_cpystrn(flow->description,
|
||||
(char*)hdr->avp_value->os.data,
|
||||
hdr->avp_value->os.len+1);
|
||||
}
|
||||
|
||||
pcc_rule->num_of_flow++;
|
||||
} else {
|
||||
ogs_error("Overflow: Num of Flow");
|
||||
ogs_error("Overflow: Num of Flow [%d]", pcc_rule->num_of_flow);
|
||||
error++;
|
||||
}
|
||||
break;
|
||||
|
|
Loading…
Reference in New Issue