From 127ec05b4e7c3dfbb17720e583ed71a4fba5d622 Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther Date: Thu, 1 Dec 2011 08:47:53 +0100 Subject: paging: Do not crash if we get called for the wrong frame/t1/t2/t3 If someone wants to have paging for a wrong frame, gracefully return and do not fill the output buffer. Because we are on the wrong frame I think it is best to not fill the frame, this is why I did not add a check to l1_if.c to generate an empty frame. --- src/common/paging.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'src/common/paging.c') diff --git a/src/common/paging.c b/src/common/paging.c index 4d65a046..7197daa9 100644 --- a/src/common/paging.c +++ b/src/common/paging.c @@ -295,10 +295,20 @@ static void sort_pr_tmsi_imsi(struct paging_record *pr[], unsigned int n) /* generate paging message for given gsm time */ int paging_gen_msg(struct paging_state *ps, uint8_t *out_buf, struct gsm_time *gt) { - unsigned int group = get_pag_subch_nr(ps, gt); - struct llist_head *group_q = &ps->paging_queue[group]; + struct llist_head *group_q; + int group; int len; + group = get_pag_subch_nr(ps, gt); + if (group < 0) { + LOGP(DPAG, LOGL_ERROR, + "Paging called for GSM wrong time: FN %d/%d/%d/%d.\n", + gt->fn, gt->t1, gt->t2, gt->t3); + return -1; + } + + group_q = &ps->paging_queue[group]; + /* There is nobody to be paged, send Type1 with two empty ID */ if (llist_empty(group_q)) { //DEBUGP(DPAG, "Tx PAGING TYPE 1 (empty)\n"); -- cgit v1.2.3