<p>dexter has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.osmocom.org/10334">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">GSCON: fix segfault after gscon timout<br><br>The gscon timeout callback function gscon_timer_cb() may call<br>a_reset_conn_fail(). When doing so it dereferences conn->sccp.msc.<br>However, there may be situations where sccp.msc is not populated. This<br>is the case when the subscriber connection is just created but no SCCP<br>connection is present yet.<br><br>For example, When the connection between BSC and MSC is down, then we<br>never get an SCCP connection and the timeout function executes. Then<br>the call to a_reset_conn_fail() leads into a null pointer dereference.<br><br>- Check if conn->sccp.msc is populated before calling<br> a_reset_conn_fail()<br><br>Change-Id: I0802aaadf0af4e58e41c98999e8c6823838adb61<br>Related: OS#3447<br>---<br>M src/osmo-bsc/bsc_subscr_conn_fsm.c<br>1 file changed, 2 insertions(+), 1 deletion(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.osmocom.org:29418/osmo-bsc refs/changes/34/10334/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/osmo-bsc/bsc_subscr_conn_fsm.c b/src/osmo-bsc/bsc_subscr_conn_fsm.c</span><br><span>index bc7539b..20cd53a 100644</span><br><span>--- a/src/osmo-bsc/bsc_subscr_conn_fsm.c</span><br><span>+++ b/src/osmo-bsc/bsc_subscr_conn_fsm.c</span><br><span>@@ -784,7 +784,8 @@</span><br><span> * disconnected. */</span><br><span> LOGPFSML(fi, LOGL_ERROR, "Long after a BSSMAP Clear Command, the conn is still not"</span><br><span> " released. For sanity, discarding this conn now.\n");</span><br><span style="color: hsl(0, 100%, 40%);">- a_reset_conn_fail(conn->sccp.msc->a.reset_fsm);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (conn->sccp.msc)</span><br><span style="color: hsl(120, 100%, 40%);">+ a_reset_conn_fail(conn->sccp.msc->a.reset_fsm);</span><br><span> osmo_fsm_inst_term(fi, OSMO_FSM_TERM_ERROR, NULL);</span><br><span> break;</span><br><span> default:</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/10334">change 10334</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/10334"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: osmo-bsc </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: I0802aaadf0af4e58e41c98999e8c6823838adb61 </div>
<div style="display:none"> Gerrit-Change-Number: 10334 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: dexter <pmaier@sysmocom.de> </div>