From: Pablo Neira Ayuso pablo@gnumonks.org
This patch fixes a segfault if we or one BTS start a TCP connection and close it before any IPAC_MSGT_ID_RESP message is sent. --- openbsc/src/ipaccess/ipaccess-proxy.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/openbsc/src/ipaccess/ipaccess-proxy.c b/openbsc/src/ipaccess/ipaccess-proxy.c index 56fe160..d98eb54 100644 --- a/openbsc/src/ipaccess/ipaccess-proxy.c +++ b/openbsc/src/ipaccess/ipaccess-proxy.c @@ -806,6 +806,11 @@ static void handle_dead_socket(struct bsc_fd *bfd)
switch (bfd->priv_nr & 0xff) { case OML_FROM_BTS: /* incoming OML data from BTS, forward to BSC OML */ + /* The BTS started a connection with us but we got no + * IPAC_MSGT_ID_RESP message yet, in that scenario we did not + * allocate the ipa_bts_conn structure. */ + if (ipbc == NULL) + break; ipbc->oml_conn = NULL; bsc_conn = ipbc->bsc_oml_conn; /* close the connection to the BSC */