diff options
-rw-r--r-- | src/osmo-bsc/abis_nm.c | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/src/osmo-bsc/abis_nm.c b/src/osmo-bsc/abis_nm.c index ca0df683d..7ca4e7983 100644 --- a/src/osmo-bsc/abis_nm.c +++ b/src/osmo-bsc/abis_nm.c @@ -2699,6 +2699,7 @@ static int abis_nm_rx_ipacc(struct msgb *msg) struct tlv_parsed tp; struct ipacc_ack_signal_data signal; struct e1inp_sign_link *sign_link = msg->dst; + struct gsm_bts_trx *trx; foh = (struct abis_om_fom_hdr *) (oh->data + 1 + idstrlen); @@ -2709,6 +2710,10 @@ static int abis_nm_rx_ipacc(struct msgb *msg) abis_nm_tlv_parse(&tp, sign_link->trx->bts, foh->data, oh->length-sizeof(*foh)); + /* The message might be received over the main OML link, so we cannot + * just use sign_link->trx. Resolve it by number from the FOM header. */ + trx = gsm_bts_trx_by_nr(sign_link->trx->bts, foh->obj_inst.trx_nr); + DEBUGPFOH(DNM, foh, "Rx IPACCESS(0x%02x): %s\n", foh->msg_type, osmo_hexdump(foh->data, oh->length - sizeof(*foh))); @@ -2727,7 +2732,9 @@ static int abis_nm_rx_ipacc(struct msgb *msg) DEBUGPC(DNM, "STREAM=0x%02x ", *TLVP_VAL(&tp, NM_ATT_IPACC_STREAM_ID)); DEBUGPC(DNM, "\n"); - osmo_timer_del(&sign_link->trx->rsl_connect_timeout); + if (!trx) + goto obj_inst_error; + osmo_timer_del(&trx->rsl_connect_timeout); break; case NM_MT_IPACC_RSL_CONNECT_NACK: LOGPFOH(DNM, LOGL_ERROR, foh, "RSL CONNECT NACK "); @@ -2736,7 +2743,9 @@ static int abis_nm_rx_ipacc(struct msgb *msg) abis_nm_nack_cause_name(*TLVP_VAL(&tp, NM_ATT_NACK_CAUSES))); else LOGPC(DNM, LOGL_ERROR, "\n"); - osmo_timer_del(&sign_link->trx->rsl_connect_timeout); + if (!trx) + goto obj_inst_error; + osmo_timer_del(&trx->rsl_connect_timeout); break; case NM_MT_IPACC_SET_NVATTR_ACK: DEBUGPFOH(DNM, foh, "SET NVATTR ACK\n"); @@ -2783,12 +2792,16 @@ static int abis_nm_rx_ipacc(struct msgb *msg) case NM_MT_IPACC_RSL_CONNECT_NACK: case NM_MT_IPACC_SET_NVATTR_NACK: case NM_MT_IPACC_GET_NVATTR_NACK: - signal.trx = gsm_bts_trx_by_nr(sign_link->trx->bts, foh->obj_inst.trx_nr); + if (!trx) + goto obj_inst_error; + signal.trx = trx; signal.msg_type = foh->msg_type; osmo_signal_dispatch(SS_NM, S_NM_IPACC_NACK, &signal); break; case NM_MT_IPACC_SET_NVATTR_ACK: - signal.trx = gsm_bts_trx_by_nr(sign_link->trx->bts, foh->obj_inst.trx_nr); + if (!trx) + goto obj_inst_error; + signal.trx = trx; signal.msg_type = foh->msg_type; osmo_signal_dispatch(SS_NM, S_NM_IPACC_ACK, &signal); break; @@ -2797,6 +2810,10 @@ static int abis_nm_rx_ipacc(struct msgb *msg) } return 0; + +obj_inst_error: + LOGPFOH(DNM, LOGL_ERROR, foh, "Unknown object instance\n"); + return -EINVAL; } /* send an ip-access manufacturer specific message */ |