From 10168f1f19a922c4d0f498ba494178062ef9a297 Mon Sep 17 00:00:00 2001
From: Bostjan Meglic <b.meglic@iskratel.si>
Date: Fri, 3 Mar 2023 08:44:27 +0000
Subject: [PATCH] [AMF] Disallow handling service requests unless UE is already
 registered

---
 src/amf/gmm-sm.c | 29 ++++++++++++++++++++++++-----
 src/mme/emm-sm.c | 28 ++++++++++++++++++++++++----
 2 files changed, 48 insertions(+), 9 deletions(-)

diff --git a/src/amf/gmm-sm.c b/src/amf/gmm-sm.c
index 5e43e88f6..40e9db8ac 100644
--- a/src/amf/gmm-sm.c
+++ b/src/amf/gmm-sm.c
@@ -33,6 +33,15 @@
 #undef OGS_LOG_DOMAIN
 #define OGS_LOG_DOMAIN __gmm_log_domain
 
+typedef enum {
+    GMM_COMMON_STATE_DEREGISTERED,
+    GMM_COMMON_STATE_REGISTERED,
+} gmm_common_state_e;
+
+static void common_register_state(ogs_fsm_t *s, amf_event_t *e,
+        gmm_common_state_e state);
+
+
 void gmm_state_initial(ogs_fsm_t *s, amf_event_t *e)
 {
     ogs_assert(s);
@@ -49,8 +58,6 @@ void gmm_state_final(ogs_fsm_t *s, amf_event_t *e)
     amf_sm_debug(e);
 }
 
-static void common_register_state(ogs_fsm_t *s, amf_event_t *e);
-
 void gmm_state_de_registered(ogs_fsm_t *s, amf_event_t *e)
 {
     amf_ue_t *amf_ue = NULL;
@@ -118,7 +125,7 @@ void gmm_state_de_registered(ogs_fsm_t *s, amf_event_t *e)
         break;
 
     case AMF_EVENT_5GMM_MESSAGE:
-        common_register_state(s, e);
+        common_register_state(s, e, GMM_COMMON_STATE_DEREGISTERED);
         break;
 
     case AMF_EVENT_5GMM_TIMER:
@@ -469,7 +476,7 @@ void gmm_state_registered(ogs_fsm_t *s, amf_event_t *e)
         break;
 
     case AMF_EVENT_5GMM_MESSAGE:
-        common_register_state(s, e);
+        common_register_state(s, e, GMM_COMMON_STATE_REGISTERED);
         break;
 
     case AMF_EVENT_5GMM_TIMER:
@@ -938,7 +945,8 @@ void gmm_state_registered(ogs_fsm_t *s, amf_event_t *e)
     }
 }
 
-static void common_register_state(ogs_fsm_t *s, amf_event_t *e)
+static void common_register_state(ogs_fsm_t *s, amf_event_t *e,
+        gmm_common_state_e state)
 {
     int r, rv, xact_count = 0;
     ogs_nas_5gmm_cause_t gmm_cause;
@@ -1064,6 +1072,17 @@ static void common_register_state(ogs_fsm_t *s, amf_event_t *e)
         case OGS_NAS_5GS_SERVICE_REQUEST:
             ogs_info("Service request");
 
+            if (state != GMM_COMMON_STATE_REGISTERED) {
+                ogs_info("[%s] Handling service request failed [Not registered]",
+                            amf_ue->suci);
+                r = nas_5gs_send_service_reject(amf_ue,
+                    OGS_5GMM_CAUSE_UE_IDENTITY_CANNOT_BE_DERIVED_BY_THE_NETWORK);
+                ogs_expect(r == OGS_OK);
+                ogs_expect(r != OGS_ERROR);
+                OGS_FSM_TRAN(s, gmm_state_exception);
+                break;
+            }
+
             gmm_cause = gmm_handle_service_request(
                     amf_ue, h, e->ngap.code, &nas_message->gmm.service_request);
             if (gmm_cause != OGS_5GMM_CAUSE_REQUEST_ACCEPTED) {
diff --git a/src/mme/emm-sm.c b/src/mme/emm-sm.c
index ed1e30d14..da7f0faea 100644
--- a/src/mme/emm-sm.c
+++ b/src/mme/emm-sm.c
@@ -36,6 +36,15 @@
 #undef OGS_LOG_DOMAIN
 #define OGS_LOG_DOMAIN __emm_log_domain
 
+typedef enum {
+    EMM_COMMON_STATE_DEREGISTERED,
+    EMM_COMMON_STATE_REGISTERED,
+} emm_common_state_e;
+
+static void common_register_state(ogs_fsm_t *s, mme_event_t *e,
+        emm_common_state_e state);
+
+
 void emm_state_initial(ogs_fsm_t *s, mme_event_t *e)
 {
     ogs_assert(s);
@@ -52,7 +61,6 @@ void emm_state_final(ogs_fsm_t *s, mme_event_t *e)
     mme_sm_debug(e);
 }
 
-static void common_register_state(ogs_fsm_t *s, mme_event_t *e);
 
 void emm_state_de_registered(ogs_fsm_t *s, mme_event_t *e)
 {
@@ -75,7 +83,7 @@ void emm_state_de_registered(ogs_fsm_t *s, mme_event_t *e)
         break;
 
     case MME_EVENT_EMM_MESSAGE:
-        common_register_state(s, e);
+        common_register_state(s, e, EMM_COMMON_STATE_DEREGISTERED);
         break;
 
     case MME_EVENT_EMM_TIMER:
@@ -124,7 +132,7 @@ void emm_state_registered(ogs_fsm_t *s, mme_event_t *e)
         break;
 
     case MME_EVENT_EMM_MESSAGE:
-        common_register_state(s, e);
+        common_register_state(s, e, EMM_COMMON_STATE_REGISTERED);
         break;
 
     case MME_EVENT_EMM_TIMER:
@@ -222,7 +230,8 @@ void emm_state_registered(ogs_fsm_t *s, mme_event_t *e)
     }
 }
 
-static void common_register_state(ogs_fsm_t *s, mme_event_t *e)
+static void common_register_state(ogs_fsm_t *s, mme_event_t *e,
+        emm_common_state_e state)
 {
     int r, rv, xact_count = 0;
 
@@ -561,6 +570,17 @@ static void common_register_state(ogs_fsm_t *s, mme_event_t *e)
 
         case OGS_NAS_EPS_EXTENDED_SERVICE_REQUEST:
             ogs_info("[%s] Extended service request", mme_ue->imsi_bcd);
+
+            if (state != EMM_COMMON_STATE_REGISTERED) {
+                ogs_info("Service request : Not registered[%s]",
+                    MME_UE_HAVE_IMSI(mme_ue) ? mme_ue->imsi_bcd : "Unknown IMSI");
+                r = nas_eps_send_service_reject(mme_ue,
+                    OGS_NAS_EMM_CAUSE_UE_IDENTITY_CANNOT_BE_DERIVED_BY_THE_NETWORK);
+                ogs_expect(r == OGS_OK);
+                ogs_assert(r != OGS_ERROR);
+                OGS_FSM_TRAN(s, &emm_state_exception);
+            }
+
             rv = emm_handle_extended_service_request(
                     mme_ue, &message->emm.extended_service_request);
             if (rv != OGS_OK) {