aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeels Hofmeyr <neels@hofmeyr.de>2019-12-25 23:46:06 +0100
committerneels <nhofmeyr@sysmocom.de>2020-05-10 22:33:27 +0000
commitc6548bbaab1a8767fdfe1d337faf061e9523f0ba (patch)
tree22f73ed5039d82a486fe8d2a6a568b8f76a41250
parentb2ebc59f30b67df53635f27b444e510b1c758e0c (diff)
fix nullpointer: in gsm48_rx_gmm_ra_upd_req()
This caused frequent crashes at 36c3. The "proper" fix is probably elsewhere (lynxis mentions an unfinished patch), but at least this prevented some crashes during active operation. Once this is merged, we can (re)enable SGSN_Tests_Iu.TC_geran_attach_iu_rau, which tests exactly for this scenario: A Subscriber / MM context that is so far attached via GERAN, but now receives a RAU via UTRAN/Iu. Closes: OS#4339 Change-Id: Ifde15dc4151d84748f0e67b32c9c260cb2d9d8fc
-rw-r--r--src/sgsn/gprs_gmm.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/sgsn/gprs_gmm.c b/src/sgsn/gprs_gmm.c
index 03ff513b..0391229e 100644
--- a/src/sgsn/gprs_gmm.c
+++ b/src/sgsn/gprs_gmm.c
@@ -1682,7 +1682,7 @@ static int gsm48_rx_gmm_ra_upd_req(struct sgsn_mm_ctx *mmctx, struct msgb *msg,
rate_ctr_inc(&mmctx->ctrg->ctr[GMM_CTR_PKTS_SIG_IN]);
/* Update the MM context with the new RA-ID */
- if (mmctx->ran_type == MM_CTX_T_GERAN_Gb) {
+ if (mmctx->ran_type == MM_CTX_T_GERAN_Gb && msgb_bcid(msg)) {
bssgp_parse_cell_id(&mmctx->ra, msgb_bcid(msg));
/* Update the MM context with the new (i.e. foreign) TLLI */
mmctx->gb.tlli = msgb_tlli(msg);