From 40c05f07f49721e3ec89f6cd4a21a187a41336ef Mon Sep 17 00:00:00 2001
From: Philipp Maier
Date: Thu, 25 Jan 2018 19:00:34 +0100
Subject: fix nullpointer deref in rsl_tx_mode_modif_nack()

The function rsl_tx_mode_modif_nack() uses abis_bts_rsl_sendmsg().
This function relys on msg->trx to be set (see abis.c). However,
rsl_tx_mode_modif_nack() creates the message buffer, but does not
set msg->trx.

- Make sure that msg->trx is set properly

Change-Id: Ib5990db11df1b25dc5d321193731426b11f8005a
---
 src/common/rsl.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/common/rsl.c b/src/common/rsl.c
index 1f45cc60..3d0993c3 100644
--- a/src/common/rsl.c
+++ b/src/common/rsl.c
@@ -1248,6 +1248,7 @@ static int rsl_tx_mode_modif_nack(struct gsm_lchan *lchan, uint8_t cause)
 	msgb_tlv_put(msg, RSL_IE_CAUSE, 1, &cause);
 	rsl_dch_push_hdr(msg, RSL_MT_MODE_MODIFY_NACK, chan_nr);
 	msg->lchan = lchan;
+	msg->trx = lchan->ts->trx;
 	return abis_bts_rsl_sendmsg(msg);
 }
-- 
cgit v1.2.3
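Review bot: The added `msg->trx = lchan->ts->trx;` repairs this one call site, but the hazard the commit message describes — abis_bts_rsl_sendmsg() dereferencing msg->trx, which every caller must remember to populate — is left in place, so the same NULL dereference can recur in any other RSL transmit path that builds its own msgb and forgets the field. Consider also adding a guard in abis_bts_rsl_sendmsg() itself (an assertion, or a logged early `return -EINVAL;` when msg->trx is NULL) so a missing trx fails loudly instead of crashing, or moving the trx assignment into whichever helper allocates the reply msgb so callers cannot omit it; that code is outside this hunk. The new line additionally assumes lchan->ts is non-NULL, which is presumably a struct gsm_lchan invariant but is not visible here; a short comment such as `/* abis_bts_rsl_sendmsg() dispatches on msg->trx, so it must be set */` would record why the assignment is required. rsl_tx_mode_modif_nack()'s body starts before the hunk.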