lce: clear retransmission pointer when opening/confirming a new transaction

Fix use-after-free when the transaction is used for a second time. Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Patrick McHardy <kaber@trash.net> 2010-08-02 23:31:26 +0200
committer: Patrick McHardy <kaber@trash.net> 2010-08-02 23:31:26 +0200
commit: 7b406ad5ccead37da4c8c2ec044528811a89e907 (patch)
tree: 65adef746bafd41d29650bee05dc218998c03db2 /src
parent: 1d3662c3dfb5ac144a4b6f3a1ca321ea2e478297 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/lce.c b/src/lce.c
index 1bc4bc9..9858fff 100644
--- a/src/lce.c
+++ b/src/lce.c
@@ -1076,6 +1076,7 @@ int dect_ddl_transaction_open(struct dect_handle *dh, struct dect_transaction *t
 
 	ddl_debug(ddl, "open transaction: %s TV: %u", protocol->name, tv);
 	ta->link  = ddl;
+	ta->mb    = NULL;
 	ta->pd	  = pd;
 	ta->role  = DECT_TRANSACTION_INITIATOR;
 	ta->state = DECT_TRANSACTION_OPEN;
@@ -1101,6 +1102,7 @@ void dect_transaction_confirm(struct dect_handle *dh, struct dect_transaction *t
 			      const struct dect_transaction *req)
 {
 	ta->link  = req->link;
+	ta->mb    = NULL;
 	ta->tv    = req->tv;
 	ta->role  = req->role;
 	ta->pd    = req->pd;
author	Patrick McHardy <kaber@trash.net>	2010-08-02 23:31:26 +0200
committer	Patrick McHardy <kaber@trash.net>	2010-08-02 23:31:26 +0200
commit	7b406ad5ccead37da4c8c2ec044528811a89e907 (patch)
tree	65adef746bafd41d29650bee05dc218998c03db2 /src
parent	1d3662c3dfb5ac144a4b6f3a1ca321ea2e478297 (diff)