From 86b17172fd533fa6588e6beab9782fc4e2193810 Mon Sep 17 00:00:00 2001
From: "Harald Welte (local)" <laflocal@hanuman.gnumonks.org>
Date: Fri, 14 Aug 2009 14:52:17 +0200
Subject: fix sms layer timer leak/corruiption using trans_free()

we only stopped the cp1* timer on reception of cp-ack, but not
in error cases like rx of cp-error.
---
 openbsc/src/gsm_04_11.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'openbsc/src/gsm_04_11.c')

diff --git a/openbsc/src/gsm_04_11.c b/openbsc/src/gsm_04_11.c
index 9580b0727..2994d7207 100644
--- a/openbsc/src/gsm_04_11.c
+++ b/openbsc/src/gsm_04_11.c
@@ -686,7 +686,7 @@ static int gsm411_rx_rp_error(struct msgb *msg, struct gsm_trans *trans,
 	sms_free(sms);
 	trans->sms.sms = NULL;
 
-	trans_free(trans);
+	//trans_free(trans);
 
 	return 0;
 }
@@ -763,7 +763,7 @@ static int gsm411_tx_cp_ack(struct gsm_trans *trans)
 	if (trans->sms.is_mt) {
 		/* If this is a MT SMS DELIVER, we can clear transaction here */
 		trans->sms.cp_state = GSM411_CPS_IDLE;
-		trans_free(trans);
+		//trans_free(trans);
 	}
 
 	return rc;
@@ -1069,6 +1069,11 @@ static int subscr_sig_cb(unsigned int subsys, unsigned int signal,
 	return 0;
 }
 
+void _gsm411_sms_trans_free(struct gsm_trans *trans)
+{
+	bsc_del_timer(&trans->sms.cp_timer);
+}
+
 static __attribute__((constructor)) void on_dso_load_sms(void)
 {
 	tall_gsms_ctx = talloc_named_const(tall_bsc_ctx, 1, "sms");
-- 
cgit v1.2.3