From 3521af7f3aacc373f48450d06cabf795f6a4a5b1 Mon Sep 17 00:00:00 2001
From: Alexander Couzens <lynxis@fe80.eu>
Date: Wed, 2 Nov 2016 02:41:41 +0100
Subject: abis_om2k: protect MO FSMs by NULL check

Also set MO FSMs to NULL after freeing them.

Change-Id: I30df0b9ab8bc47ba9756c8388e977deed0e40200
---
 openbsc/src/libbsc/abis_om2000.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'openbsc/src')

diff --git a/openbsc/src/libbsc/abis_om2000.c b/openbsc/src/libbsc/abis_om2000.c
index 9bf0fe2b9..82a14b269 100644
--- a/openbsc/src/libbsc/abis_om2000.c
+++ b/openbsc/src/libbsc/abis_om2000.c
@@ -1697,9 +1697,19 @@ static void om2k_mo_st_wait_opinfo_accept(struct osmo_fsm_inst *fi, uint32_t eve
 
 static void om2k_mo_s_done_onenter(struct osmo_fsm_inst *fi, uint32_t prev_state)
 {
+	struct om2k_mo_fsm_priv *omfp = fi->priv;
+	omfp->mo->fsm = NULL;
 	osmo_fsm_inst_term(fi, OSMO_FSM_TERM_REGULAR, NULL);
 }
 
+static void om2k_mo_s_error_onenter(struct osmo_fsm_inst *fi, uint32_t prev_state)
+{
+	struct om2k_mo_fsm_priv *omfp = fi->priv;
+
+	omfp->mo->fsm = NULL;
+	osmo_fsm_inst_term(fi, OSMO_FSM_TERM_ERROR, NULL);
+}
+
 static const struct osmo_fsm_state om2k_is_states[] = {
 	[OM2K_ST_INIT] = {
 		.name = "INIT",
@@ -1794,7 +1804,7 @@ static const struct osmo_fsm_state om2k_is_states[] = {
 		.name = "ERROR",
 		.in_event_mask = 0,
 		.out_state_mask = 0,
-		.onenter = om2k_mo_s_done_onenter,
+		.onenter = om2k_mo_s_error_onenter,
 	},
 
 };
@@ -2697,6 +2707,12 @@ int abis_om2k_rcvmsg(struct msgb *msg)
 		     msgb_hexdump(msg));
 		return 0;
 	}
+	if (!mo->fsm) {
+		LOGP(DNM, LOGL_ERROR, "MO object should not generate any message. fsm == NULL "
+		     "%s: %s\n", get_value_string(om2k_msgcode_vals, msg_type),
+		     msgb_hexdump(msg));
+		return 0;
+	}
 
 	/* Dispatch message to that MO */
 	om2k_mo_fsm_recvmsg(bts, mo, &odm);
-- 
cgit v1.2.3