lu crash: Fix a crash that likely occurred during the LU procedure

conn->loc_operation is already NULL (e.g. due a five second timeout but we are still processing a RSL message after we initiated the release procedure). Do not attempt to authorize a subcriber without knowing the key_sequence. This can cause more problems but we will need to test this in the field. (gdb) bt #0 gsm0408_authorize (conn=0x19fc2f0, msg=<optimized out>) at gsm_04_08.c:323 #1 gsm0408_authorize (conn=0x19fc2f0, msg=<optimized out>) at gsm_04_08.c:319 #2 0x000000000043a99a in mm_rx_id_resp (conn=0x19fc2f0, msg=<optimized out>) at gsm_04_08.c:495 #3 gsm0408_rcv_mm (msg=<optimized out>, conn=0x19fc2f0) at gsm_04_08.c:1041 #4 gsm0408_dispatch (conn=0x19fc2f0, msg=<optimized out>) at gsm_04_08.c:3232 (gdb) p *conn $5 = {entry = {next = 0x1746930, prev = 0x1a14270}, subscr = 0x1745eb0, expire_timer_stopped = 1 '\001', loc_operation = 0x0, sec_operation = 0x0, anch_operation = 0x0, silent_call = 0, put_channel = 0, sccp_con = 0x0, in_release = 0, lchan = 0x7f8c79007218, ho_lchan = 0x0, bts = 0x1719f90, T10 = {node = { rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0, data = 0x0}, secondary_lchan = 0x0}
2013-12-27 17:37:27 +01:00 · 2013-12-27 17:37:27 +01:00 · 1a345ca48f
parent 2147bc4cc9
commit 1a345ca48f
1 changed files with 3 additions and 0 deletions
--- a/openbsc/src/libmsc/gsm_04_08.c
+++ b/openbsc/src/libmsc/gsm_04_08.c
@ -318,6 +318,9 @@ static int _gsm0408_authorize_sec_cb(unsigned int hooknum, unsigned int event,

 static int gsm0408_authorize(struct gsm_subscriber_connection *conn, struct msgb *msg)
 {
+	if (!conn->loc_operation)
+		return 0;
+
 	if (authorize_subscriber(conn->loc_operation, conn->subscr))
 		return gsm48_secure_channel(conn,
 			conn->loc_operation->key_seq,