From c05677b036dce4dbf59414dc15b75a5b3472ae6e Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Fri, 26 Jun 2009 20:17:06 +0200 Subject: fix two segfaults * when paging callback is called, we need to consider a failed paging operation (i.e. lchan == NULL) * we have to zero-initialize every transaction that is allocated --- openbsc/src/gsm_04_08.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'openbsc/src') diff --git a/openbsc/src/gsm_04_08.c b/openbsc/src/gsm_04_08.c index 76d748c05..d6f131e23 100644 --- a/openbsc/src/gsm_04_08.c +++ b/openbsc/src/gsm_04_08.c @@ -387,6 +387,9 @@ static int gsm0408_handle_lchan_signal(unsigned int subsys, unsigned int signal, * operation taking place on the lchan. */ struct gsm_lchan *lchan = (struct gsm_lchan *)handler_data; + if (!lchan) + return 0; + release_loc_updating_req(lchan); /* Free all transactions that are associated with the released lchan */ @@ -1932,7 +1935,7 @@ static int setup_trig_pag_evt(unsigned int hooknum, unsigned int event, struct gsm_subscriber *subscr = param; struct gsm_trans *transt, *tmp; struct gsm_network *net; - + if (hooknum != GSM_HOOK_RR_PAGING) return -EINVAL; @@ -3428,7 +3431,7 @@ int mncc_send(struct gsm_network *net, int msg_type, void *arg) GSM48_CC_CAUSE_DEST_OOO); } /* Create transaction */ - if (!(trans = talloc(tall_trans_ctx, struct gsm_trans))) { + if (!(trans = talloc_zero(tall_trans_ctx, struct gsm_trans))) { DEBUGP(DCC, "No memory for trans.\n"); subscr_put(subscr); /* Ressource unavailable */ -- cgit v1.2.3
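Review bot: The new `if (!lchan) return 0;` guard in gsm0408_handle_lchan_signal carries no comment saying when handler_data can legitimately be NULL, and the commit message attributes the NULL case to the paging callback rather than to this signal handler. I would put a comment above the check such as `/* handler_data may be NULL, e.g. after a failed paging operation: nothing to release */` (wording to be confirmed against the code that dispatches the signal), so the check is not later removed as dead code. Because the early return is silent, a DEBUGP line at that point would also make this path visible in logs when diagnosing a crash report. The function starts and ends outside the hunk, so whether subsys and signal are filtered before lchan is used cannot be seen here.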
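Review bot: Only the allocation in mncc_send is switched to `talloc_zero(tall_trans_ctx, struct gsm_trans)`, while the commit message says every allocated transaction has to be zero-initialised. No other allocation site is visible in this diff, so the file should be searched for remaining `talloc(tall_trans_ctx, struct gsm_trans)` calls, which would still return a structure with uninitialised fields. Routing all transaction allocations through one small static helper built on talloc_zero would keep a later call site from reintroducing the same crash. mncc_send's body continues outside the hunk.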