gsm48_tx_release_compl(): Don't use transaction after trans_free()

In commit 39e2eadc99 a bug was introduced
that used the 'trans' after trans_free() had already been called.

This became visible now when the openbsc+lcr combination was calling
an unknown/invalid telephone number in a MO call, resulting in
a segfault.
Harald Welte 2010-12-21 19:31:41 +01:00
parent ceeddf87f5
commit c7782dec4a
1 changed files with 4 additions and 1 deletions


@ -2321,6 +2321,7 @@ static int gsm48_cc_tx_release_compl(struct gsm_trans *trans, void *arg)
struct gsm_mncc *rel = arg;
struct msgb *msg = gsm48_msgb_alloc();
struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
int ret;
gh->msg_type = GSM48_MT_CC_RELEASE_COMPL;
@ -2338,9 +2339,11 @@ static int gsm48_cc_tx_release_compl(struct gsm_trans *trans, void *arg)
if (rel->fields & MNCC_F_USERUSER)
gsm48_encode_useruser(msg, 0, &rel->useruser);
ret = gsm48_conn_sendmsg(msg, trans->conn, trans);
trans_free(trans);
return gsm48_conn_sendmsg(msg, trans->conn, trans);
return ret;
}
static int gsm48_cc_rx_facility(struct gsm_trans *trans, struct msgb *msg)
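Review bot: The order of the new tail of gsm48_cc_tx_release_compl() (`ret = gsm48_conn_sendmsg(...)`, then `trans_free(trans)`, then `return ret`) is what prevents the use-after-free, but no comment says so, and the regression this commit fixes came from exactly that reordering. I would add `/* send before trans_free(): gsm48_conn_sendmsg() dereferences trans and trans->conn */` above the `ret =` line. The function's header comment should also state that `trans` is freed on every return, so callers must not touch it afterwards. gsm48_conn_sendmsg() is not visible here; if it stores the `trans` pointer anywhere that outlives the call, the free is still too early, which is worth confirming. The body between the two hunks is not shown on this page.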