authorIvan Kluchnikov <kluchnikovi@gmail.com>2017-05-11 15:19:23 +0300
committerIvan Kluchnikov <kluchnikovi@gmail.com>2017-05-11 15:19:23 +0300
commit5e1e45283bdcb2daa21a2acd21458c24c088c30e (patch)
tree938f9bcdeeb6d46920799b1e1b235626585c1ce8
parent28d7d7570a079ac8cf415dd16469586c59decbd9 (diff)
lapd_core: Fix crash in lapd_est_req() function
lapd_est_req() function could be called on uninitialized lapd link (before lapd_dl_init() and after lapd_dl_exit() functions) due to invalid usage on higher levels. In order to prevent using uninitialized lapd link, we should set LAPD_STATE_NULL state for lapd_datalink in lapd_dl_exit() function. So all messages for lapd_datalink in null state will be unhandled by lapd_recv_dlsap() function and lapd_est_req() function will not be called before lapd_dl_init() function where lapd link state is changed to idle. Change-Id: I306dad9b78e3becaef14c5305ec25c312feefe3c Related: OS#1982
-rw-r--r--src/gsm/lapd_core.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/gsm/lapd_core.c b/src/gsm/lapd_core.c
index 5ee88a4..48e7df1 100644
--- a/src/gsm/lapd_core.c
+++ b/src/gsm/lapd_core.c
@@ -324,6 +324,10 @@ void lapd_dl_exit(struct lapd_datalink *dl)
{
/* free all ressources except history buffer */
lapd_dl_reset(dl);
+
+ /* enter null state */
+ lapd_dl_newstate(dl, LAPD_STATE_NULL);
+
/* free history buffer list */
talloc_free(dl->tx_hist);
dl->tx_hist = NULL;
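Review bot: The comment `/* enter null state */` above the new `lapd_dl_newstate(dl, LAPD_STATE_NULL);` call restates the code, while the reason it matters is recorded only in the commit message: the null state is what keeps lapd_recv_dlsap() from dispatching to lapd_est_req() on a link whose `tx_hist` is freed and set to NULL right after. I would put that invariant in the code, e.g. `/* enter null state: lapd_recv_dlsap() must drop primitives once tx_hist is freed below */`. The commit message also names the window before lapd_dl_init(), which this hunk does not touch; that case presumably depends on the caller zero-initialising the struct and on LAPD_STATE_NULL being the zero value, so it is worth confirming or asserting there. The rest of lapd_dl_exit() lies outside the hunk.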