Change in osmo-bsc[master]: GSCON: fix segfault after gscon timeout


dexter gerrit-no-reply at lists.osmocom.org
Fri Aug 3 15:07:17 UTC 2018


dexter has uploaded this change for review. ( https://gerrit.osmocom.org/10334 )


Change subject: GSCON: fix segfault after gscon timeout
......................................................................

GSCON: fix segfault after gscon timeout

The gscon timeout callback function gscon_timer_cb() may call
a_reset_conn_fail(). When doing so it dereferences conn->sccp.msc.
However, there may be situations where sccp.msc is not populated. This
is the case when the subscriber connection is just created but no SCCP
connection is present yet.

For example, when the connection between BSC and MSC is down, then we
never get an SCCP connection and the timeout function executes. Then
the call to a_reset_conn_fail() leads to a null pointer dereference.

- Check if conn->sccp.msc is populated before calling
  a_reset_conn_fail()

Change-Id: I0802aaadf0af4e58e41c98999e8c6823838adb61
Related: OS#3447
---
M src/osmo-bsc/bsc_subscr_conn_fsm.c
1 file changed, 2 insertions(+), 1 deletion(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-bsc refs/changes/34/10334/1

diff --git a/src/osmo-bsc/bsc_subscr_conn_fsm.c b/src/osmo-bsc/bsc_subscr_conn_fsm.c
index bc7539b..20cd53a 100644
--- a/src/osmo-bsc/bsc_subscr_conn_fsm.c
+++ b/src/osmo-bsc/bsc_subscr_conn_fsm.c
@@ -784,7 +784,8 @@
 		 * disconnected. */
 		LOGPFSML(fi, LOGL_ERROR, "Long after a BSSMAP Clear Command, the conn is still not"
 			 " released. For sanity, discarding this conn now.\n");
-		a_reset_conn_fail(conn->sccp.msc->a.reset_fsm);
+		if (conn->sccp.msc)
+			a_reset_conn_fail(conn->sccp.msc->a.reset_fsm);
 		osmo_fsm_inst_term(fi, OSMO_FSM_TERM_ERROR, NULL);
 		break;
 	default:
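
Review bot: the new `if (conn->sccp.msc)` guard skips a_reset_conn_fail() silently, and nothing at the call site says why sccp.msc can be NULL here. The commit message explains it (the subscriber connection exists but no SCCP connection was ever established, e.g. the BSC-MSC link is down); a one-line comment above the `if` stating that would keep a later cleanup from removing the check as redundant. The LOGPFSML text just above still reads "Long after a BSSMAP Clear Command, the conn is still not released", which does not describe the never-connected case the commit message gives as the trigger, so consider wording that also fits a timeout with no SCCP connection, or a separate log line on the NULL path. The guard only covers sccp.msc itself; `a.reset_fsm` is still passed on unchecked, so it is worth confirming it is always set once msc is populated.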

-- 
To view, visit https://gerrit.osmocom.org/10334
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-bsc
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I0802aaadf0af4e58e41c98999e8c6823838adb61
Gerrit-Change-Number: 10334
Gerrit-PatchSet: 1
Gerrit-Owner: dexter <pmaier at sysmocom.de>