author | Harald Welte <laforge@gnumonks.org> | 2015-12-25 20:12:28 +0100 |
---|---|---|
committer | Neels Hofmeyr <nhofmeyr@sysmocom.de> | 2016-03-03 16:19:07 +0100 |
commit | 342f59d92e1503b4eba6d2db6861b1701b193055 (patch) | |
tree | 821ac3912a96476b060f77b63235c52110f68666 /openbsc/src/gprs/gprs_gmm.c | |
parent | aefb0c45e921f738eee7ce1f7149e0114d8528c0 (diff) |
gprs_gmm.c: Don't try to de-reference NULL mmctx
There was a comment in the code that certain GMM messages require a
valid mmctx pointer. However, nothing actually checked if that pointer
was in fact non-NULL. We plainly crashed if an MS sent us the
wrong message in the wrong state.
Diffstat (limited to 'openbsc/src/gprs/gprs_gmm.c')
-rw-r--r-- | openbsc/src/gprs/gprs_gmm.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/openbsc/src/gprs/gprs_gmm.c b/openbsc/src/gprs/gprs_gmm.c index 4dcd4cdb3..d06b2c0d6 100644 --- a/openbsc/src/gprs/gprs_gmm.c +++ b/openbsc/src/gprs/gprs_gmm.c @@ -1345,7 +1345,17 @@ static int gsm0408_rcv_gmm(struct sgsn_mm_ctx *mmctx, struct msgb *msg, case GSM48_MT_GMM_ATTACH_REQ: rc = gsm48_rx_gmm_att_req(mmctx, msg, llme); break; + default: + break; + } + /* For all the following types mmctx can not be NULL */ + if (!mmctx) { + /* FIXME: return some error? */ + return -1; + } + + switch (gh->msg_type) { case GSM48_MT_GMM_ID_RESP: rc = gsm48_rx_gmm_id_resp(mmctx, msg); break; |
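Review bot: The cases handled in the first switch still fall through to the new `if (!mmctx)` guard, so an Attach Request that arrives with no MM context (the visible `GSM48_MT_GMM_ATTACH_REQ` case) has its `rc` discarded and the function returns -1. With a non-NULL context the same message continues into the second switch, whose default branch is outside this hunk. Returning directly from those cases, e.g. `return gsm48_rx_gmm_att_req(mmctx, msg, llme);`, would keep the guard from applying to messages that may legitimately have no context, provided nothing after the second switch has to run for them. The guard also rejects silently: this path is reachable by any MS that sends a message in the wrong state, so a log line carrying `gh->msg_type` before `return -1;` would make such traffic visible to operators, and the FIXME should be settled by deciding whether an error is sent back to the MS. gsm0408_rcv_gmm starts and ends outside the hunk, so how callers treat -1 is not visible here.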