From 790d146054bec34d7b2fd006fd814ab8c17f1d04 Mon Sep 17 00:00:00 2001
From: Krishnavamsi-wavelabs
 <88074557+Krishnavamsi-wavelabs@users.noreply.github.com>
Date: Mon, 4 Sep 2023 21:48:06 +0530
Subject: [PATCH] fix(mme): Handling of missing Reset Type S1AP ProtocolIE ID
 (#15295)

Signed-off-by: krishnavamsi-wavelabs <krishna.vamsi@wavelabs.ai>
---
 .../core/oai/tasks/s1ap/s1ap_mme_handlers.cpp | 10 +++
 .../test/s1ap_task/test_s1ap_mme_handlers.cpp | 73 +++++++++++++++++++
 2 files changed, 83 insertions(+)

diff --git a/lte/gateway/c/core/oai/tasks/s1ap/s1ap_mme_handlers.cpp b/lte/gateway/c/core/oai/tasks/s1ap/s1ap_mme_handlers.cpp
index 2a5b311808e0..716267671f51 100644
--- a/lte/gateway/c/core/oai/tasks/s1ap/s1ap_mme_handlers.cpp
+++ b/lte/gateway/c/core/oai/tasks/s1ap/s1ap_mme_handlers.cpp
@@ -4184,6 +4184,11 @@ status_code_e s1ap_mme_handle_enb_reset(oai::S1apState* state,
   S1AP_FIND_PROTOCOLIE_BY_ID(S1ap_ResetIEs_t, ie, container,
                              S1ap_ProtocolIE_ID_id_ResetType, true);
 
+  if (!ie) {
+    OAILOG_ERROR(LOG_S1AP, "Reset Type S1AP ProtocolIE ID Missing\n");
+    OAILOG_FUNC_RETURN(LOG_S1AP, RETURNerror);
+  }
+
   S1ap_ResetType_t* resetType = &ie->value.choice.ResetType;
 
   switch (resetType->present) {
@@ -4926,6 +4931,11 @@ status_code_e s1ap_mme_handle_enb_configuration_transfer(
                              S1ap_ProtocolIE_ID_id_SONConfigurationTransferECT,
                              false);
 
+  if (!ie) {
+    OAILOG_ERROR(LOG_S1AP, "Missing SON Configuration Transfer IE\n");
+    OAILOG_FUNC_RETURN(LOG_S1AP, RETURNerror);
+  }
+
   OAILOG_DEBUG(LOG_S1AP, "Received eNB Confiuration Request from assoc_id %u\n",
                assoc_id);
   if ((s1ap_state_get_enb(state, assoc_id, &enb_association)) != PROTO_MAP_OK) {
diff --git a/lte/gateway/c/core/oai/test/s1ap_task/test_s1ap_mme_handlers.cpp b/lte/gateway/c/core/oai/test/s1ap_task/test_s1ap_mme_handlers.cpp
index fa565371057f..81556f958e6b 100644
--- a/lte/gateway/c/core/oai/test/s1ap_task/test_s1ap_mme_handlers.cpp
+++ b/lte/gateway/c/core/oai/test/s1ap_task/test_s1ap_mme_handlers.cpp
@@ -2431,5 +2431,78 @@ TEST_F(S1apMmeHandlersTest, MalformedInitialUEMissingENBUES1APID) {
   ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_S1ap_S1AP_PDU, &pdu_s1);
 }
 
+TEST_F(S1apMmeHandlersTest, ResetTypeS1apProtocolIEIDMissing) {
+  ASSERT_EQ(task_zmq_ctx_main_s1ap.ready, true);
+
+  EXPECT_CALL(*sctp_handler, sctpd_send_dl()).Times(1);
+
+  S1ap_S1AP_PDU_t pdu_s1;
+  memset(&pdu_s1, 0, sizeof(pdu_s1));
+  ASSERT_EQ(RETURNok, generate_s1_setup_request_pdu(&pdu_s1));
+  ASSERT_EQ(RETURNok,
+            s1ap_mme_handle_message(state, assoc_id, stream_id, &pdu_s1));
+
+  // State validation
+  ASSERT_TRUE(is_enb_state_valid(state, assoc_id, oai::S1AP_READY, 0));
+  ASSERT_TRUE(is_num_enbs_valid(state, 1));
+
+  uint8_t initial_ue_bytes[] = {
+      0x00, 0x0e, 0x40, 0x05, 0xc0, 0x00, 0x00, 0x0a, 0x00, 0x3b, 0x40, 0x01,
+      0x24, 0x00, 0x5c, 0x40, 0x01, 0x00, 0x00, 0xea, 0x40, 0x5c, 0x40, 0x5f,
+      0x40, 0x08, 0x5f, 0x40, 0x09, 0x00, 0x5b, 0x40, 0x09, 0x6c, 0x4f, 0x8f,
+      0xcd, 0xa5, 0x80, 0x1b, 0x77, 0xa0, 0x7f, 0x5b, 0x40, 0x01, 0x00, 0x00,
+      0x5b, 0x40, 0x05, 0x4c, 0x7e, 0x91, 0x2f, 0x69, 0x00, 0x5b, 0x40, 0x09,
+      0x6c, 0x76, 0x0e, 0x40, 0x05, 0xc0, 0x00, 0x00, 0x0a, 0x00, 0x3b, 0x40,
+      0x01, 0x24, 0x00, 0x5c, 0x6b, 0x75, 0x2c, 0x80, 0xdc, 0x00, 0x80, 0xf5,
+      0x5b, 0x40, 0x09, 0x6c, 0x62, 0x65, 0x31, 0x1b, 0x80, 0xbb, 0x57, 0x7a,
+      0x00, 0x5b, 0x59, 0x05, 0x4c, 0x0f, 0xc6, 0x9f, 0x08, 0x00, 0x5b, 0x37,
+      0x05, 0x35, 0xff, 0x4f, 0x59, 0x17, 0x00, 0x5b, 0x40, 0x04, 0x28, 0x38,
+      0x34, 0xf7, 0x00, 0x02, 0x03, 0x40, 0x00, 0x02, 0x40, 0x01, 0x20, 0x00,
+      0x02, 0x40, 0x02, 0x01, 0x00, 0x00, 0x02, 0x40, 0x02, 0x00, 0x80};
+
+  ASSERT_EQ(simulate_pdu_s1_message(initial_ue_bytes, sizeof(initial_ue_bytes),
+                                    state, assoc_id, stream_id),
+            RETURNerror);
+
+  // Send SCTP_CLOSE_ASSOCIATION mimicing SCTP task
+  ASSERT_EQ(send_s1ap_close_sctp_association(assoc_id), RETURNok);
+
+  // Freeing pdu and payload data
+  ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_S1ap_S1AP_PDU, &pdu_s1);
+}
+
+TEST_F(S1apMmeHandlersTest, MalformedSONConfigurationTransferIE) {
+  ASSERT_EQ(task_zmq_ctx_main_s1ap.ready, true);
+
+  EXPECT_CALL(*sctp_handler, sctpd_send_dl()).Times(1);
+
+  S1ap_S1AP_PDU_t pdu_s1;
+  memset(&pdu_s1, 0, sizeof(pdu_s1));
+  ASSERT_EQ(RETURNok, generate_s1_setup_request_pdu(&pdu_s1));
+  ASSERT_EQ(RETURNok,
+            s1ap_mme_handle_message(state, assoc_id, stream_id, &pdu_s1));
+
+  // State validation
+  ASSERT_TRUE(is_enb_state_valid(state, assoc_id, oai::S1AP_READY, 0));
+  ASSERT_TRUE(is_num_enbs_valid(state, 1));
+
+  uint8_t initial_ue_bytes[] = {
+      0x00, 0x28, 0x40, 0x03, 0x0e, 0x00, 0x00, 0x00, 0x54, 0x40,
+      0x7f, 0x50, 0x10, 0x00, 0x9c, 0x40, 0x14, 0x0c, 0x00, 0x93,
+      0xff, 0xff, 0x01, 0x72, 0x00, 0x94, 0xbf, 0x0b, 0x40, 0x02,
+      0x01, 0x00, 0x00, 0x00, 0x7f, 0xb4, 0x40, 0x40, 0x40,
+  };
+
+  ASSERT_EQ(simulate_pdu_s1_message(initial_ue_bytes, sizeof(initial_ue_bytes),
+                                    state, assoc_id, stream_id),
+            RETURNerror);
+
+  // Send SCTP_CLOSE_ASSOCIATION mimicing SCTP task
+  ASSERT_EQ(send_s1ap_close_sctp_association(assoc_id), RETURNok);
+
+  // Freeing pdu and payload data
+  ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_S1ap_S1AP_PDU, &pdu_s1);
+}
+
 }  // namespace lte
 }  // namespace magma