aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHolger Hans Peter Freyther <zecke@selfish.org>2010-06-07 22:32:10 +0800
committerHolger Hans Peter Freyther <zecke@selfish.org>2010-06-07 22:32:10 +0800
commitfdfaf9c519320c168632a1578908fe58bc9c3693 (patch)
tree6f3ea779f1173e4427c664525f0dc916ecd1b673
parent4d4e6714cd74d297d08d61965dd962938a09cc11 (diff)
bsc_msc_ip: Possible crash fix on the early assignment code path
The crash happened when we had released the primary channel for one reason or another but still got the assignment complete on the secondary. This null checking is some extra caution, with the previous commit we should fail the msc_data test early in this method.
-rw-r--r--openbsc/src/bsc_msc_ip.c24
1 files changed, 13 insertions, 11 deletions
diff --git a/openbsc/src/bsc_msc_ip.c b/openbsc/src/bsc_msc_ip.c
index aedd45f38..c133ef58c 100644
--- a/openbsc/src/bsc_msc_ip.c
+++ b/openbsc/src/bsc_msc_ip.c
@@ -441,20 +441,22 @@ static int handle_ass_compl(struct msgb *msg)
return -1;
}
- /* swap the channels and release the old */
- old_chan = msg->lchan->msc_data->lchan;
- msg->lchan->msc_data->lchan = msg->lchan;
- msg->lchan->msc_data->secondary_lchan = NULL;
- old_chan->msc_data = NULL;
-
/* assign a dummy subscriber */
assign_dummy_subscr(msg->lchan);
- /* give up the old channel to not do a SACCH deactivate */
- if (old_chan->conn.subscr)
- subscr_put(old_chan->conn.subscr);
- old_chan->conn.subscr = NULL;
- put_subscr_con(&old_chan->conn, 1);
+ /* swap the channels and release the old */
+ old_chan = msg->lchan->msc_data->lchan;
+ if (old_chan) {
+ msg->lchan->msc_data->lchan = msg->lchan;
+ msg->lchan->msc_data->secondary_lchan = NULL;
+ old_chan->msc_data = NULL;
+
+ /* give up the old channel to not do a SACCH deactivate */
+ if (old_chan->conn.subscr)
+ subscr_put(old_chan->conn.subscr);
+ old_chan->conn.subscr = NULL;
+ put_subscr_con(&old_chan->conn, 1);
+ }
/* activate audio on it... */
if (is_ipaccess_bts(msg->lchan->ts->trx->bts) && msg->lchan->tch_mode != GSM48_CMODE_SIGN)