openbsc.git branch master updated. 0.15.0-678-ga1613695d

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/osmocom-commitlog@lists.osmocom.org/.

gitosis at osmocom.org
Sun Feb 19 13:48:47 UTC 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The OpenBSC GSM Base Station Controller (+MSC/HLR/SGSN)".

The branch, master has been updated
       via  a1613695d1472e61c85706a8daeb2f83ba5364dd (commit)
      from  2c16beeb64054c83dead557ff2ae8ab9eb2b84aa (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://cgit.osmocom.org/openbsc/commit/?id=a1613695d1472e61c85706a8daeb2f83ba5364dd

commit a1613695d1472e61c85706a8daeb2f83ba5364dd
Author: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Date:   Sun Feb 19 01:14:39 2017 +0100

    subscr_update_expire_lu(): fix (obscure) segfault
    
    To be paranoid, catch a NULL subscriber and/or bts in
    subscr_update_expire_lu(): print an error log and avoid segfault.
    (I'm not sure this would really happen in a normal situation.)
    
    During aggressive testing of Paging timeout, I came across this segfault in
    msc_release_connection() when conn->expire_timer_stopped is set but
    conn->subscr is NULL, at the subscr dereference after:
    
            if (conn->expire_timer_stopped)
                    subscr_update_expire_lu(conn->subscr, conn->bts);
    
    I brought this situation about by a fabricated Paging fault, i.e. in
    gsm48_rx_rr_pag_resp() return 0 and don't call gsm48_handle_paging_resp() at
    all. Thus conn->subscr is still NULL when expire_timer_stopped is 1.
    
    When looking at CM Service Request handling, the conn->subscr is set before
    setting expire_timer_stopped = 1, which is a saner thing to do. But without my
    mad 'return 0', there is in fact no way to have a NULL subscriber there.
    
    It looks like all other code paths already do the same, but it's not that
    obvious (e.g. _gsm48_rx_mm_serv_req_sec_cb()). So rather catch this case of
    NULL conn->subscr, and while at it catch NULL bts as well.
    
    Change-Id: I430dd952b2b928bea7f8360f1e01bb3cccb0a395

-----------------------------------------------------------------------

Summary of changes:
 openbsc/src/libmsc/gsm_subscriber.c | 10 ++++++++++
 1 file changed, 10 insertions(+)


hooks/post-receive
-- 
The OpenBSC GSM Base Station Controller (+MSC/HLR/SGSN)
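
The failure mode described in the commit message, as an added example that is not OpenBSC's code and not the patch itself: a simplified model where the release path trusts `expire_timer_stopped` while `subscr` is still NULL, with the kind of guard the commit describes. The struct layouts, `lu_period_s`, `update_expire_lu()`, `release_conn()`, `attach_subscr()` and the `-EINVAL` return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins for the structures named in the commit message. */
struct bts { long lu_period_s; };   /* assumed field: seconds until the next expected LU */
struct subscr { long expire_lu; };
struct conn { struct subscr *subscr; struct bts *bts; int expire_timer_stopped; };

/* Guarded update: log and return an error instead of dereferencing NULL. */
static int update_expire_lu(struct subscr *s, struct bts *b, long now)
{
    if (!s || !b) {
        fprintf(stderr, "update_expire_lu: NULL %s, not updating expiry\n",
                !s ? "subscriber" : "bts");
        return -EINVAL;
    }
    s->expire_lu = now + b->lu_period_s;
    return 0;
}

/* Release path: the flag alone does not prove that a subscriber was attached. */
static int release_conn(struct conn *c, long now)
{
    if (!c->expire_timer_stopped)
        return 0;
    return update_expire_lu(c->subscr, c->bts, now);
}

/* Setup side with the saner ordering: attach the subscriber, then set the flag. */
static void attach_subscr(struct conn *c, struct subscr *s)
{
    c->subscr = s;
    c->expire_timer_stopped = 1;
}

int main(void)
{
    struct bts b = { 3600 };
    struct subscr s = { 0 };
    struct conn faulty = { NULL, &b, 1 };  /* constructed: flag set, subscriber never attached */
    struct conn ok = { NULL, &b, 0 };
    attach_subscr(&ok, &s);
    int rc_faulty = release_conn(&faulty, 1000);
    int rc_ok = release_conn(&ok, 1000);
    printf("faulty rc=%d, ok rc=%d, expire_lu=%ld\n", rc_faulty, rc_ok, s.expire_lu);
    return 0;
}
```

Without the NULL check in `update_expire_lu()`, the `faulty` connection would crash the process on release, which is why a state flag set independently of the pointer it implies is worth guarding at the point of dereference.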


