authorNeels Hofmeyr <neels@hofmeyr.de>2020-06-24 00:54:44 +0200
committerNeels Hofmeyr <neels@hofmeyr.de>2020-06-24 02:41:09 +0200
commitee689ecde2d476a0a669e1eeca09fcb0b4a9f195 (patch)
tree5ac166acce6ac2b6885eb2bfe281966f2c19f85f
parentcce0ae11b62e69911024ffe3e27e79362e63830b (diff)
fix segfault introduced by recent segfault fix
This recently merged patch introduced a new bad segfault in bsc_compl_l3() by dereferencing conn->sccp.msc before it was set to the actual msc pointer: commit 6281d4f8692729dc0022ea7a6a2068972d58e9b6 "fix crashes due to OSMO_ASSERT(conn->lchan)" Change-Id Id681dfb0ad654bdb4b71805d1ad4f39a8bf6bbd1 Fix that by moving the new checks back further down in bsc_compl_l3(), to where conn->sccp.msc actually points at the msc. Change-Id: Ic5832da7c58fce583caa504a90f18c334fc234f2
-rw-r--r--src/osmo-bsc/gsm_08_08.c21
1 files changed, 12 insertions, 9 deletions
diff --git a/src/osmo-bsc/gsm_08_08.c b/src/osmo-bsc/gsm_08_08.c
index e28850698..2829b67c7 100644
--- a/src/osmo-bsc/gsm_08_08.c
+++ b/src/osmo-bsc/gsm_08_08.c
@@ -480,15 +480,8 @@ int bsc_compl_l3(struct gsm_subscriber_connection *conn, struct msgb *msg, uint1
struct msgb *resp;
struct gsm0808_speech_codec_list scl;
int rc = -2;
- struct gsm_bts *bts = conn_get_bts(conn);
- struct osmo_cell_global_id *cgi = cgi_for_msc(conn->sccp.msc, bts);
-
- if (!bts || !cgi) {
- /* should never happen */
- LOGP(DMSC, LOGL_ERROR, "Compl L3 without lchan\n");
- rc = -1;
- goto early_fail;
- }
+ struct gsm_bts *bts;
+ struct osmo_cell_global_id *cgi;
log_set_context(LOG_CTX_BSC_SUBSCR, conn->bsub);
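Review bot: `bts` and `cgi` are now declared without initializers, while `goto early_fail` can still be taken before the later hunk assigns them. The `early_fail` label is outside this hunk, so it cannot be confirmed from here that it never reads either pointer. Declaring them as `struct gsm_bts *bts = NULL;` and `struct osmo_cell_global_id *cgi = NULL;` would turn any such read into a defined NULL instead of stack garbage.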
@@ -506,6 +499,16 @@ int bsc_compl_l3(struct gsm_subscriber_connection *conn, struct msgb *msg, uint1
if (osmo_bsc_sigtran_new_conn(conn, msc) != BSC_CON_SUCCESS)
goto early_fail;
+ bts = conn_get_bts(conn);
+ cgi = cgi_for_msc(conn->sccp.msc, bts);
+
+ if (!bts || !cgi) {
+ /* should never happen */
+ LOGP(DMSC, LOGL_ERROR, "Compl L3 without lchan\n");
+ rc = -1;
+ goto early_fail;
+ }
+
bsc_scan_bts_msg(conn, msg);
if (gscon_is_aoip(conn)) {
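Review bot: The moved block still passes `bts` to `cgi_for_msc()` before the `!bts` test, so a NULL return from `conn_get_bts()` reaches the helper before it is caught. Whether `cgi_for_msc()` tolerates a NULL `bts` is not visible here. Guarding the call, e.g. `cgi = bts ? cgi_for_msc(conn->sccp.msc, bts) : NULL;`, keeps the check independent of the helper's internals. The failure branch now runs after `osmo_bsc_sigtran_new_conn()` has succeeded and `early_fail` lies outside the hunk, so it is worth confirming that the label releases whatever connection state that call set up. A comment such as `/* conn->sccp.msc is only valid after osmo_bsc_sigtran_new_conn() */` above the block would document the ordering dependency that caused this regression.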