author | Neels Hofmeyr <nhofmeyr@sysmocom.de> | 2022-05-31 00:16:39 +0200 |
---|---|---|
committer | Neels Hofmeyr <nhofmeyr@sysmocom.de> | 2022-05-31 00:24:08 +0200 |
commit | aae8c2513dfb69eedb2fe3e9ec53bf5b0c261828 (patch) | |
tree | cd4b572ab0a08b203e44e3eb3eeae2b24bb001aa /src/osmo-bsc/nm_gprs_cell_fsm.c | |
parent | 58ac749424b4521b6a745e6d54aa462c453f585f (diff) |
fix rare segfault in MGCP client handling

Add missing conn->assignment.created_ci_for_msc to
gscon_forget_mgw_endpoint_ci().

Before this patch, when assignment.created_ci_for_msc lingers after a
DLCX, it can cause a use-after-free on assignment_reset(). Possible
scenario is rx BSSMAP Clear Cmd during ongoing Assignment.

In assignment_reset(), locally cache the ci pointer, because
gscon_forget_mgw_endpoint_ci() now NULLs created_ci_for_msc.

Related: OS#5572
Change-Id: If89610020f47fd6517081dd11b83911b043bd0f1
Diffstat (limited to 'src/osmo-bsc/nm_gprs_cell_fsm.c')
0 files changed, 0 insertions, 0 deletions
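
The lifetime bug described in the commit message, as an added example that is not part of the commit or of osmo-bsc: a simplified C model showing why the forget function must clear `created_ci_for_msc` and why `assignment_reset()` then has to cache the pointer. `struct ci`, `struct conn`, `forget_ci()`, `clear_cmd()` and the `patched` switch are assumptions made for illustration; a `freed` flag replaces a real `free()` so the stale access can be detected safely.

```c
#include <stddef.h>

/* Simplified model, not osmo-bsc code: 'freed' stands in for free() so the
 * stale access is observable without undefined behaviour. */
struct ci { int freed, dlcx_sent; };
struct conn { struct { struct ci *created_ci_for_msc; } assignment; };

/* Drop conn's reference to ci; patched=0 models the function before the
 * patch, which did not cover this field. */
static void forget_ci(struct conn *c, struct ci *ci, int patched)
{
    if (patched && c->assignment.created_ci_for_msc == ci)
        c->assignment.created_ci_for_msc = NULL;
}

/* Clear Cmd during an ongoing assignment: DLCX is sent and the CI released. */
static void clear_cmd(struct conn *c, struct ci *ci, int patched)
{
    forget_ci(c, ci, patched);
    ci->dlcx_sent = ci->freed = 1;
}

/* Returns 1: DLCX sent on a live CI, 0: nothing to do, -1: use-after-free. */
static int assignment_reset(struct conn *c, int patched)
{
    struct ci *ci = c->assignment.created_ci_for_msc; /* cache: forget NULLs it */
    if (!ci) return 0;
    if (ci->freed) return -1;   /* real code would touch freed memory here */
    forget_ci(c, ci, patched);
    ci->dlcx_sent = 1;          /* via the cached pointer; the field is NULL now */
    return 1;
}

/* Scenario from the commit message: Clear Cmd, then assignment_reset(). */
int clear_then_reset(int patched)
{
    struct ci ci = {0, 0};
    struct conn c = { { &ci } };
    clear_cmd(&c, &ci, patched);
    return assignment_reset(&c, patched);
}

/* Plain reset with the patch: DLCX still goes out and the field ends up NULL. */
int reset_only(void)
{
    struct ci ci = {0, 0};
    struct conn c = { { &ci } };
    return assignment_reset(&c, 1) == 1 && ci.dlcx_sent
        && c.assignment.created_ci_for_msc == NULL;
}
```

`clear_then_reset(0)` reports the stale access, `clear_then_reset(1)` finds nothing left to release, and `reset_only()` confirms the DLCX is still issued through the cached pointer after the field has been cleared.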