diff options
| author | Neels Hofmeyr <neels@hofmeyr.de> | 2018-03-09 17:04:53 +0100 |
|---|---|---|
| committer | Neels Hofmeyr <neels@hofmeyr.de> | 2018-03-10 05:17:38 +0100 |
| commit | 1db394f22b3184607d8c8392b2bdf7b0279fbeec (patch) | |
| tree | bbf0717f552e88d2fed963f09d61a7618b8fa9c2 | |
| parent | ce1298b7dce06a6577da1df328f901d6f8a12501 (diff) | |
fix: clear vlr_subscr->msc_conn_ref when the conn is discarded
Before this, it was for example possible to crash the MSC by the vty 'show
subscriber' command, which would dereference a potentially stale
vsub->msc_conn_ref pointer.
Related: OS#3050
Change-Id: Ia4105d9f135ba3216ad3c86157be7658b1d568fb
| -rw-r--r-- | src/libmsc/osmo_msc.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/libmsc/osmo_msc.c b/src/libmsc/osmo_msc.c index 1478c191e..f6df0d201 100644 --- a/src/libmsc/osmo_msc.c +++ b/src/libmsc/osmo_msc.c @@ -228,6 +228,7 @@ void msc_subscr_con_cleanup(struct gsm_subscriber_connection *conn) DEBUGP(DRLL, "subscr %s: Freeing subscriber connection\n", vlr_subscr_name(conn->vsub)); msc_subscr_cleanup(conn->vsub); + conn->vsub->msc_conn_ref = NULL; vlr_subscr_put(conn->vsub); conn->vsub = NULL; } else |