From 8c00496e426164cbf99fafdf2324b87e25b16238 Mon Sep 17 00:00:00 2001
From: Harald Welte
Date: Wed, 4 Jul 2012 21:53:12 +0200
Subject: [PATCH] GPRS LLC: fix segfault when transmitting downlink unit-data without mmctx
---
 openbsc/src/gprs/gprs_llc.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/openbsc/src/gprs/gprs_llc.c b/openbsc/src/gprs/gprs_llc.c
index c705c87b5..6244d186f 100644
--- a/openbsc/src/gprs/gprs_llc.c
+++ b/openbsc/src/gprs/gprs_llc.c
@@ -43,11 +43,16 @@ static int _bssgp_tx_dl_ud(struct msgb *msg, struct sgsn_mm_ctx *mmctx)
 struct bssgp_dl_ud_par dup;
 const uint8_t qos_profile_default[3] = { 0x00, 0x00, 0x20 };
- dup.tlli = NULL;
- dup.imsi = mmctx->imsi;
- dup.drx_parms = mmctx->drx_parms;
- dup.ms_ra_cap.len = mmctx->ms_radio_access_capa.len;
- dup.ms_ra_cap.v = mmctx->ms_radio_access_capa.buf;
+ memset(&dup, 0, sizeof(dup));
+ /* before we have received some identity from the MS, we might
+ * not yet have a MMC context (e.g. XID negotiation of primarly
+ * LLC connection fro GMM sapi). */
+ if (mmctx) {
+ dup.imsi = mmctx->imsi;
+ dup.drx_parms = mmctx->drx_parms;
+ dup.ms_ra_cap.len = mmctx->ms_radio_access_capa.len;
+ dup.ms_ra_cap.v = mmctx->ms_radio_access_capa.buf;
+ }
 memcpy(&dup.qos_profile, qos_profile_default, sizeof(qos_profile_default));
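Review bot: When `mmctx` is NULL the `if (mmctx)` branch is skipped, so the zeroed `dup` leaves this function with `imsi` and `ms_ra_cap.v` as NULL and `drx_parms` and `ms_ra_cap.len` as 0. The segfault is therefore only fully closed if whatever consumes `dup` afterwards treats those values as "field absent" rather than dereferencing or encoding them; that consumer is outside the hunk and should be checked, because per the new comment this path runs before the MS has sent any identity. I would record that contract in the comment and fix its typos while there, e.g. `/* No MM context yet (e.g. XID negotiation on the GMM SAPI before the MS has sent an identity): imsi, drx_parms and ms_ra_cap stay zeroed and the callee must treat them as absent. */`. The body of `_bssgp_tx_dl_ud` starts and ends outside the hunk.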