From 756bfca599630ee64393d877343a9034416d20c3 Mon Sep 17 00:00:00 2001
From: Harald Welte
Date: Sun, 25 Feb 2018 01:59:16 +0100
Subject: RSL IPA DLCX: Avoid null-pointer dereference

In case a DLCX is issued without any CRCX before, let's handle this gracefully and simply ack the DLCX anyway.

Change-Id: I7c5bedccfc5a7cf552a9ce3a2dc712081c7ce177
Closes: OS#2996
---
 src/common/rsl.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/common/rsl.c b/src/common/rsl.c
index 2d3f0d60..217393d5 100644
--- a/src/common/rsl.c
+++ b/src/common/rsl.c
@@ -1904,11 +1904,13 @@ static int rsl_rx_ipac_dlcx(struct msgb *msg)
 inc_conn_id = 1;
 rc = rsl_tx_ipac_dlcx_ack(lchan, inc_conn_id);
- osmo_rtp_socket_log_stats(lchan->abis_ip.rtp_socket, DRTP, LOGL_INFO,
- "Closing RTP socket on DLCX ");
- osmo_rtp_socket_free(lchan->abis_ip.rtp_socket);
- lchan->abis_ip.rtp_socket = NULL;
- msgb_queue_flush(&lchan->dl_tch_queue);
+ if (lchan->abis_ip.rtp_socket) {
+ osmo_rtp_socket_log_stats(lchan->abis_ip.rtp_socket, DRTP, LOGL_INFO,
+ "Closing RTP socket on DLCX ");
+ osmo_rtp_socket_free(lchan->abis_ip.rtp_socket);
+ lchan->abis_ip.rtp_socket = NULL;
+ msgb_queue_flush(&lchan->dl_tch_queue);
+ }
 return rc;
 }
-- 
cgit v1.2.3
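Review bot: `msgb_queue_flush(&lchan->dl_tch_queue)` now sits inside the new `if (lchan->abis_ip.rtp_socket)` block, so a DLCX that arrives without a socket leaves the downlink TCH queue untouched; the flush does not use the socket and would be safer after the closing brace, where it runs on every DLCX. The no-socket path is also silent: a DLCX with no preceding CRCX is a protocol anomaly from the peer, and an `else` branch with something like `LOGP(DRTP, LOGL_NOTICE, "DLCX without RTP socket (no prior CRCX?)\n");` would make it visible in the logs. `rsl_tx_ipac_dlcx_ack(lchan, inc_conn_id)` still runs before the guard and its body is outside this hunk, so it is worth confirming that it does not read `rtp_socket` when `inc_conn_id` is set. The start of `rsl_rx_ipac_dlcx` is outside the hunk as well.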