author | Neels Hofmeyr <neels@hofmeyr.de> | 2020-06-24 00:54:44 +0200 |
---|---|---|
committer | Neels Hofmeyr <neels@hofmeyr.de> | 2020-06-24 02:41:09 +0200 |
commit | ee689ecde2d476a0a669e1eeca09fcb0b4a9f195 (patch) | |
tree | 5ac166acce6ac2b6885eb2bfe281966f2c19f85f /src/osmo-bsc/gsm_08_08.c | |
parent | cce0ae11b62e69911024ffe3e27e79362e63830b (diff) |
fix segfault introduced by recent segfault fix
This recently merged patch introduced a new bad segfault in bsc_compl_l3() by
dereferencing conn->sccp.msc before it was set to the actual msc pointer:
commit 6281d4f8692729dc0022ea7a6a2068972d58e9b6
"fix crashes due to OSMO_ASSERT(conn->lchan)"
Change-Id Id681dfb0ad654bdb4b71805d1ad4f39a8bf6bbd1
Fix that by moving the new checks back further down in bsc_compl_l3(), to where
conn->sccp.msc actually points at the msc.
Change-Id: Ic5832da7c58fce583caa504a90f18c334fc234f2
Diffstat (limited to 'src/osmo-bsc/gsm_08_08.c')
-rw-r--r-- | src/osmo-bsc/gsm_08_08.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/src/osmo-bsc/gsm_08_08.c b/src/osmo-bsc/gsm_08_08.c
index e28850698..2829b67c7 100644
--- a/src/osmo-bsc/gsm_08_08.c
+++ b/src/osmo-bsc/gsm_08_08.c
@@ -480,15 +480,8 @@ int bsc_compl_l3(struct gsm_subscriber_connection *conn, struct msgb *msg, uint1
 struct msgb *resp;
 struct gsm0808_speech_codec_list scl;
 int rc = -2;
- struct gsm_bts *bts = conn_get_bts(conn);
- struct osmo_cell_global_id *cgi = cgi_for_msc(conn->sccp.msc, bts);
-
- if (!bts || !cgi) {
- /* should never happen */
- LOGP(DMSC, LOGL_ERROR, "Compl L3 without lchan\n");
- rc = -1;
- goto early_fail;
- }
+ struct gsm_bts *bts;
+ struct osmo_cell_global_id *cgi;
 
 log_set_context(LOG_CTX_BSC_SUBSCR, conn->bsub);
 
@@ -506,6 +499,16 @@ int bsc_compl_l3(struct gsm_subscriber_connection *conn, struct msgb *msg, uint1
 if (osmo_bsc_sigtran_new_conn(conn, msc) != BSC_CON_SUCCESS)
 goto early_fail;
 
+ bts = conn_get_bts(conn);
+ cgi = cgi_for_msc(conn->sccp.msc, bts);
+
+ if (!bts || !cgi) {
+ /* should never happen */
+ LOGP(DMSC, LOGL_ERROR, "Compl L3 without lchan\n");
+ rc = -1;
+ goto early_fail;
+ }
+
 bsc_scan_bts_msg(conn, msg);
 
 if (gscon_is_aoip(conn)) { |
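Review bot: `bts` and `cgi` are now declared without an initializer, while the `goto early_fail` after `osmo_bsc_sigtran_new_conn()` (visible in the second hunk) is taken before either pointer is assigned. If the code at `early_fail`, which lies outside this diff, reads them now or after a later change, it would see indeterminate pointers instead of NULL. Initialising at the declaration keeps that path defined: `struct gsm_bts *bts = NULL;` and `struct osmo_cell_global_id *cgi = NULL;`. bsc_compl_l3() starts before and continues past this hunk.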
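Review bot: `cgi_for_msc(conn->sccp.msc, bts)` is called before `bts` is tested, so a NULL result from `conn_get_bts()` is passed into it ahead of the `if (!bts || !cgi)` guard; whether `cgi_for_msc()` tolerates a NULL bts is not visible here. Making the order explicit removes that dependency, for example `cgi = bts ? cgi_for_msc(conn->sccp.msc, bts) : NULL;`. The guard also now runs after `osmo_bsc_sigtran_new_conn()` has succeeded, so it is worth confirming that `early_fail` releases whatever that call set up when `rc = -1` is returned from here. The body of bsc_compl_l3(), including the `early_fail` label, lies outside this hunk.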