diff options
| author | Harald Welte <laforge@gnumonks.org> | 2010-12-23 02:47:53 +0100 |
|---|---|---|
| committer | Harald Welte <laforge@gnumonks.org> | 2010-12-26 10:01:42 +0100 |
| commit | 214279cc624b1c789b400f4c00ca648b4a8daf27 (patch) | |
| tree | 8d9384c57b7acfbe094743cf5914307e7651bc6c /openbsc/src/gsm_04_08.c | |
| parent | f4ba9b1171ec058caa0fd27b0f137ebe39b115d4 (diff) | |
mncc_sock: Fix potential segfault in case MNCC app dies
We create a loop by not setting trans->callref = 0 before calling
trans_free(), as the latter would again send a MNCC_REL_IND up
the stack.
Also: Fix memory leak in case we try to read from mncc_sock
but socket is just gone.
Diffstat (limited to 'openbsc/src/gsm_04_08.c')
| -rw-r--r-- | openbsc/src/gsm_04_08.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/openbsc/src/gsm_04_08.c b/openbsc/src/gsm_04_08.c index 23fa9163e..29c9dbaa4 100644 --- a/openbsc/src/gsm_04_08.c +++ b/openbsc/src/gsm_04_08.c @@ -337,8 +337,10 @@ void gsm0408_clear_all_trans(struct gsm_network *net, int protocol) LOGP(DCC, LOGL_NOTICE, "Clearing all currently active transactions!!!\n"); llist_for_each_entry_safe(trans, temp, &net->trans_list, entry) { - if (trans->protocol == protocol) + if (trans->protocol == protocol) { + trans->callref = 0; trans_free(trans); + } } } |