authorHolger Hans Peter Freyther <holger@moiji-mobile.com>2013-12-27 17:37:27 +0100
committerHolger Hans Peter Freyther <holger@moiji-mobile.com>2013-12-27 17:37:27 +0100
commit1a345ca48fc3e2cd172a5020a8d204553811b379 (patch)
tree894244ef2e721f9665c6799a0bdc1b6024ee0f72
parent2147bc4cc989928b6685669d49c79fe12f5ab913 (diff)
lu crash: Fix a crash that likely occurred during the LU procedure
conn->loc_operation is already NULL (e.g. due to a five second timeout while we are still processing an RSL message after we initiated the release procedure). Do not attempt to authorize a subscriber without knowing the key_sequence. This can cause more problems but we will need to test this in the field. (gdb) bt #0 gsm0408_authorize (conn=0x19fc2f0, msg=<optimized out>) at gsm_04_08.c:323 #1 gsm0408_authorize (conn=0x19fc2f0, msg=<optimized out>) at gsm_04_08.c:319 #2 0x000000000043a99a in mm_rx_id_resp (conn=0x19fc2f0, msg=<optimized out>) at gsm_04_08.c:495 #3 gsm0408_rcv_mm (msg=<optimized out>, conn=0x19fc2f0) at gsm_04_08.c:1041 #4 gsm0408_dispatch (conn=0x19fc2f0, msg=<optimized out>) at gsm_04_08.c:3232 (gdb) p *conn $5 = {entry = {next = 0x1746930, prev = 0x1a14270}, subscr = 0x1745eb0, expire_timer_stopped = 1 '\001', loc_operation = 0x0, sec_operation = 0x0, anch_operation = 0x0, silent_call = 0, put_channel = 0, sccp_con = 0x0, in_release = 0, lchan = 0x7f8c79007218, ho_lchan = 0x0, bts = 0x1719f90, T10 = {node = { rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0, data = 0x0}, secondary_lchan = 0x0}
-rw-r--r--openbsc/src/libmsc/gsm_04_08.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c
index 75e464d5f..3efdb8f29 100644
--- a/openbsc/src/libmsc/gsm_04_08.c
+++ b/openbsc/src/libmsc/gsm_04_08.c
@@ -318,6 +318,9 @@ static int _gsm0408_authorize_sec_cb(unsigned int hooknum, unsigned int event,
static int gsm0408_authorize(struct gsm_subscriber_connection *conn, struct msgb *msg)
{
+ if (!conn->loc_operation)
+ return 0;
+
if (authorize_subscriber(conn->loc_operation, conn->subscr))
return gsm48_secure_channel(conn,
conn->loc_operation->key_seq,