From 3c409c249de1b372d8493cb6b408ec54ff4b0a41 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sun, 27 Mar 2011 21:31:48 +0200 Subject: ipaccess-proxy: fix segfault in handle_dead_socket This patch fixes a segfault if we or one BTS start a TCP connection and close it before any IPAC_MSGT_ID_RESP message is sent. --- openbsc/src/ipaccess/ipaccess-proxy.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'openbsc/src/ipaccess') diff --git a/openbsc/src/ipaccess/ipaccess-proxy.c b/openbsc/src/ipaccess/ipaccess-proxy.c index 56fe160cb..d98eb54e7 100644 --- a/openbsc/src/ipaccess/ipaccess-proxy.c +++ b/openbsc/src/ipaccess/ipaccess-proxy.c @@ -806,6 +806,11 @@ static void handle_dead_socket(struct bsc_fd *bfd) switch (bfd->priv_nr & 0xff) { case OML_FROM_BTS: /* incoming OML data from BTS, forward to BSC OML */ + /* The BTS started a connection with us but we got no + * IPAC_MSGT_ID_RESP message yet, in that scenario we did not + * allocate the ipa_bts_conn structure. */ + if (ipbc == NULL) + break; ipbc->oml_conn = NULL; bsc_conn = ipbc->bsc_oml_conn; /* close the connection to the BSC */ -- cgit v1.2.3