diff options
author | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2013-12-27 17:37:27 +0100 |
---|---|---|
committer | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2013-12-27 17:37:27 +0100 |
commit | 1a345ca48fc3e2cd172a5020a8d204553811b379 (patch) | |
tree | 894244ef2e721f9665c6799a0bdc1b6024ee0f72 | |
parent | 2147bc4cc989928b6685669d49c79fe12f5ab913 (diff) |
lu crash: Fix a crash that likely occurred during the LU procedure
conn->loc_operation is already NULL (e.g. due a five second timeout but
we are still processing a RSL message after we initiated the release
procedure). Do not attempt to authorize a subcriber without knowing the
key_sequence.
This can cause more problems but we will need to test this in the field.
(gdb) bt
#0 gsm0408_authorize (conn=0x19fc2f0, msg=<optimized out>) at gsm_04_08.c:323
#1 gsm0408_authorize (conn=0x19fc2f0, msg=<optimized out>) at gsm_04_08.c:319
#2 0x000000000043a99a in mm_rx_id_resp (conn=0x19fc2f0, msg=<optimized out>)
at gsm_04_08.c:495
#3 gsm0408_rcv_mm (msg=<optimized out>, conn=0x19fc2f0) at gsm_04_08.c:1041
#4 gsm0408_dispatch (conn=0x19fc2f0, msg=<optimized out>) at gsm_04_08.c:3232
(gdb) p *conn
$5 = {entry = {next = 0x1746930, prev = 0x1a14270}, subscr = 0x1745eb0,
expire_timer_stopped = 1 '\001', loc_operation = 0x0, sec_operation = 0x0,
anch_operation = 0x0, silent_call = 0, put_channel = 0, sccp_con = 0x0, in_release = 0,
lchan = 0x7f8c79007218, ho_lchan = 0x0, bts = 0x1719f90, T10 = {node = {
rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0},
timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0, data = 0x0},
secondary_lchan = 0x0}
-rw-r--r-- | openbsc/src/libmsc/gsm_04_08.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c index 75e464d5f..3efdb8f29 100644 --- a/openbsc/src/libmsc/gsm_04_08.c +++ b/openbsc/src/libmsc/gsm_04_08.c @@ -318,6 +318,9 @@ static int _gsm0408_authorize_sec_cb(unsigned int hooknum, unsigned int event, static int gsm0408_authorize(struct gsm_subscriber_connection *conn, struct msgb *msg) { + if (!conn->loc_operation) + return 0; + if (authorize_subscriber(conn->loc_operation, conn->subscr)) return gsm48_secure_channel(conn, conn->loc_operation->key_seq, |