diff options
| author | Neels Hofmeyr <neels@hofmeyr.de> | 2019-12-25 23:46:06 +0100 |
|---|---|---|
| committer | neels <nhofmeyr@sysmocom.de> | 2020-05-10 22:33:27 +0000 |
| commit | c6548bbaab1a8767fdfe1d337faf061e9523f0ba (patch) | |
| tree | 22f73ed5039d82a486fe8d2a6a568b8f76a41250 /src | |
| parent | b2ebc59f30b67df53635f27b444e510b1c758e0c (diff) | |
fix nullpointer: in gsm48_rx_gmm_ra_upd_req()
This caused frequent crashes at 36c3. The "proper" fix is probably elsewhere
(lynxis mentions an unfinished patch), but at least this prevented some crashes
during active operation.
Once this is merged, we can (re)enable SGSN_Tests_Iu.TC_geran_attach_iu_rau,
which tests exactly for this scenario: A Subscriber / MM context that is so
far attached via GERAN, but now receives a RAU via UTRAN/Iu.
Closes: OS#4339
Change-Id: Ifde15dc4151d84748f0e67b32c9c260cb2d9d8fc
Diffstat (limited to 'src')
| -rw-r--r-- | src/sgsn/gprs_gmm.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/sgsn/gprs_gmm.c b/src/sgsn/gprs_gmm.c index 03ff513be..0391229eb 100644 --- a/src/sgsn/gprs_gmm.c +++ b/src/sgsn/gprs_gmm.c @@ -1682,7 +1682,7 @@ static int gsm48_rx_gmm_ra_upd_req(struct sgsn_mm_ctx *mmctx, struct msgb *msg, rate_ctr_inc(&mmctx->ctrg->ctr[GMM_CTR_PKTS_SIG_IN]); /* Update the MM context with the new RA-ID */ - if (mmctx->ran_type == MM_CTX_T_GERAN_Gb) { + if (mmctx->ran_type == MM_CTX_T_GERAN_Gb && msgb_bcid(msg)) { bssgp_parse_cell_id(&mmctx->ra, msgb_bcid(msg)); /* Update the MM context with the new (i.e. foreign) TLLI */ mmctx->gb.tlli = msgb_tlli(msg); |