diff options
| author | Philipp Maier <pmaier@sysmocom.de> | 2018-01-25 19:00:34 +0100 |
|---|---|---|
| committer | Philipp Maier <pmaier@sysmocom.de> | 2018-01-26 12:42:10 +0100 |
| commit | 40c05f07f49721e3ec89f6cd4a21a187a41336ef (patch) | |
| tree | 1873c82c5f52d0556682c3d32fd609108fa5d392 | |
| parent | 7d62629ca2a8e0b467d650bc4fed3c66178d7171 (diff) | |
fix nullpointer deref in rsl_tx_mode_modif_nack()
The function rsl_tx_mode_modif_nack() uses abis_bts_rsl_sendmsg().
This function relys on msg->trx to be set (see abis.c). However,
rsl_tx_mode_modif_nack() creates the message buffer, but does
not set msg->trx.
- Make sure that msg->trx is set properly
Change-Id: Ib5990db11df1b25dc5d321193731426b11f8005a
| -rw-r--r-- | src/common/rsl.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/common/rsl.c b/src/common/rsl.c index 1f45cc60..3d0993c3 100644 --- a/src/common/rsl.c +++ b/src/common/rsl.c @@ -1248,6 +1248,7 @@ static int rsl_tx_mode_modif_nack(struct gsm_lchan *lchan, uint8_t cause) msgb_tlv_put(msg, RSL_IE_CAUSE, 1, &cause); rsl_dch_push_hdr(msg, RSL_MT_MODE_MODIFY_NACK, chan_nr); msg->lchan = lchan; + msg->trx = lchan->ts->trx; return abis_bts_rsl_sendmsg(msg); } |