From 90717c03a22cf60123144fef859cbb1fc2a7fd10 Mon Sep 17 00:00:00 2001 From: Neels Hofmeyr Date: Tue, 18 Aug 2020 17:01:00 +0200 Subject: mscpool: fix refcount leak for unusual case of no bts by reading the code, I notice that a refcount on the subscr would be leaked if there were no bts. That is not realistically happening, but nevertheless rather rejigger so that no leak is possible, ever. Change-Id: I0b804b8136cd78a777ca02667f696cdefa90c4a9 --- src/osmo-bsc/gsm_08_08.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src/osmo-bsc') diff --git a/src/osmo-bsc/gsm_08_08.c b/src/osmo-bsc/gsm_08_08.c index d5915f4f0..e7ef72811 100644 --- a/src/osmo-bsc/gsm_08_08.c +++ b/src/osmo-bsc/gsm_08_08.c @@ -198,6 +198,7 @@ static struct bsc_msc_data *bsc_find_msc(struct gsm_subscriber_connection *conn, bool is_emerg = false; int16_t nri_v = -1; bool is_null_nri = false; + struct gsm_bts *bts; if (msgb_l3len(msg) < sizeof(*gh)) { LOGP(DRSL, LOGL_ERROR, "There is no GSM48 header here.\n"); @@ -221,10 +222,10 @@ static struct bsc_msc_data *bsc_find_msc(struct gsm_subscriber_connection *conn, } /* Has the subscriber been paged from a connected MSC? */ - if (pdisc == GSM48_PDISC_RR && mtype == GSM48_MT_RR_PAG_RESP) { + bts = conn_get_bts(conn); + if (bts && pdisc == GSM48_PDISC_RR && mtype == GSM48_MT_RR_PAG_RESP) { subscr = bsc_subscr_find_by_mi(conn->network->bsc_subscribers, &mi); - struct gsm_bts *bts = conn_get_bts(conn); - if (bts && subscr) { + if (subscr) { msc_target = paging_get_msc(bts, subscr); bsc_subscr_put(subscr); if (is_msc_usable(msc_target, is_emerg)) { -- cgit v1.2.3