From dfd7bef6644d0c0837f7e5498bc5c86362b668dc Mon Sep 17 00:00:00 2001
From: Vadim Yanitskiy <vyanitskiy@sysmocom.de>
Date: Sun, 11 Jul 2021 13:19:22 +0600
Subject: lchan_fsm: fix potential NULL-pointer dereference

Change-Id: I373855b95f8bde0ce8f9c2ae7bf95c9135d33484
Related: SYS#5526
---
 src/osmo-bsc/lchan_fsm.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/osmo-bsc/lchan_fsm.c b/src/osmo-bsc/lchan_fsm.c
index 7b89b2db5..c9222c25d 100644
--- a/src/osmo-bsc/lchan_fsm.c
+++ b/src/osmo-bsc/lchan_fsm.c
@@ -142,9 +142,21 @@ static void _lchan_on_activation_failure(struct gsm_lchan *lchan, enum lchan_act
 	case ACTIVATE_FOR_ASSIGNMENT:
 		LOG_LCHAN(lchan, LOGL_NOTICE, "Signalling Assignment FSM of error (%s)\n",
 			  lchan->last_error ? : "unknown error");
-		_osmo_fsm_inst_dispatch(for_conn->assignment.fi, ASSIGNMENT_EV_LCHAN_ERROR, lchan,
-					file, line);
-		return;
+		if (!for_conn) {
+			LOG_LCHAN(lchan, LOGL_ERROR,
+				  "lchan activation for Assignment failed, but activation request has"
+				  " no conn\n");
+			break;
+		}
+		if (!for_conn->assignment.fi) {
+			LOG_LCHAN(lchan, LOGL_ERROR,
+				  "lchan activation for Assignment failed, but conn has no ongoing"
+				  " assignment procedure\n");
+			break;
+		}
+		_osmo_fsm_inst_dispatch(for_conn->assignment.fi, ASSIGNMENT_EV_LCHAN_ERROR,
+					lchan, file, line);
+		break;
 
 	case ACTIVATE_FOR_HANDOVER:
 		LOG_LCHAN(lchan, LOGL_NOTICE, "Signalling Handover FSM of error (%s)\n",
-- 
cgit v1.2.3