aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorHarald Welte <laforge@osmocom.org>2020-12-12 15:58:28 +0100
committerHarald Welte <laforge@osmocom.org>2020-12-12 16:16:57 +0100
commit1aa0ae9db162c02c5202fafd880afee9fe6ad1a2 (patch)
tree21bee17b867ca72251a127a593da77a050903357 /src
parentcab858824233597a15debe4c78bd867e58aa6335 (diff)
gbproxy: Fix segfault when receiving PAGING for unknown destination
The 'nse' variable had been used both as the input argument of the SGSN-side NSE, as well as a loop iteration variable. Let's separate this clearly. Closes: OS#4904 Change-Id: I375a219cd72eb11a9a0cb7d55a3efb7b83b771ac
Diffstat (limited to 'src')
-rw-r--r--src/gbproxy/gb_proxy.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/src/gbproxy/gb_proxy.c b/src/gbproxy/gb_proxy.c
index 5e6f23897..a976d252f 100644
--- a/src/gbproxy/gb_proxy.c
+++ b/src/gbproxy/gb_proxy.c
@@ -828,11 +828,12 @@ err_no_bvc:
}
/* Receive paging request from SGSN, we need to relay to proper BSS */
-static int gbprox_rx_paging(struct gbproxy_nse *nse, struct msgb *msg, const char *pdut_name,
+static int gbprox_rx_paging(struct gbproxy_nse *sgsn_nse, struct msgb *msg, const char *pdut_name,
struct tlv_parsed *tp, uint16_t ns_bvci)
{
- struct gbproxy_config *cfg = nse->cfg;
+ struct gbproxy_config *cfg = sgsn_nse->cfg;
struct gbproxy_bvc *sgsn_bvc, *bss_bvc;
+ struct gbproxy_nse *nse;
unsigned int n_nses = 0;
int errctr = GBPROX_GLOB_CTR_PROTO_ERR_SGSN;
int i, j;
@@ -842,9 +843,9 @@ static int gbprox_rx_paging(struct gbproxy_nse *nse, struct msgb *msg, const cha
if (TLVP_PRES_LEN(tp, BSSGP_IE_BVCI, 2)) {
uint16_t bvci = ntohs(tlvp_val16_unal(tp, BSSGP_IE_BVCI));
errctr = GBPROX_GLOB_CTR_OTHER_ERR;
- sgsn_bvc = gbproxy_bvc_by_bvci(nse, bvci);
+ sgsn_bvc = gbproxy_bvc_by_bvci(sgsn_nse, bvci);
if (!sgsn_bvc) {
- LOGPNSE(nse, LOGL_NOTICE, "Rx %s: unable to route: BVCI=%05u unknown\n",
+ LOGPNSE(sgsn_nse, LOGL_NOTICE, "Rx %s: unable to route: BVCI=%05u unknown\n",
pdut_name, bvci);
rate_ctr_inc(&cfg->ctrg->ctr[errctr]);
return -EINVAL;
@@ -893,12 +894,12 @@ static int gbprox_rx_paging(struct gbproxy_nse *nse, struct msgb *msg, const cha
}
}
} else {
- LOGPNSE(nse, LOGL_ERROR, "BSSGP PAGING: unable to route, missing IE\n");
+ LOGPNSE(sgsn_nse, LOGL_ERROR, "BSSGP PAGING: unable to route, missing IE\n");
rate_ctr_inc(&cfg->ctrg->ctr[errctr]);
}
if (n_nses == 0) {
- LOGPNSE(nse, LOGL_ERROR, "BSSGP PAGING: unable to route, no destination found\n");
+ LOGPNSE(sgsn_nse, LOGL_ERROR, "BSSGP PAGING: unable to route, no destination found\n");
rate_ctr_inc(&cfg->ctrg->ctr[errctr]);
return -EINVAL;
}