From d9e063997127e101484cdf48c0c6426b97c93463 Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther Date: Tue, 30 Aug 2011 19:07:58 +0200 Subject: bsc: Fix a crash in case we get a NACK from the BTS for a new channel In case of a nack the secondary_lchan will be NULLed but then the T10 timeout will attempt to release the channel and we will try to release a NULL pointer. --- openbsc/src/libbsc/bsc_api.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'openbsc/src') diff --git a/openbsc/src/libbsc/bsc_api.c b/openbsc/src/libbsc/bsc_api.c index d2965a247..db79eb6bc 100644 --- a/openbsc/src/libbsc/bsc_api.c +++ b/openbsc/src/libbsc/bsc_api.c @@ -136,8 +136,12 @@ static void assignment_t10_timeout(void *_conn) LOGP(DMSC, LOGL_ERROR, "Assigment T10 timeout on %p\n", conn); - /* normal release on the secondary channel */ - lchan_release(conn->secondary_lchan, 0, 1); + /* + * normal release on the secondary channel but only if the + * secondary_channel has not been released by the handle_chan_nack. + */ + if (conn->secondary_lchan) + lchan_release(conn->secondary_lchan, 0, 1); conn->secondary_lchan = NULL; /* inform them about the failure */ -- cgit v1.2.3