From 5ad4ac800cf26b8cd2f49c1580678a8df4b55f50 Mon Sep 17 00:00:00 2001
From: Andreas Eversberg <jolly@eversberg.eu>
Date: Tue, 1 Nov 2011 09:40:21 +0100
Subject: [PATCH] lapd: Fixed possible double free buf in lapd_core.c

Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
---
 src/gsm/lapd_core.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/gsm/lapd_core.c b/src/gsm/lapd_core.c
index dcc215068..54adbcaa4 100644
--- a/src/gsm/lapd_core.c
+++ b/src/gsm/lapd_core.c
@@ -1920,10 +1920,11 @@ static int lapd_res_req(struct osmo_dlsap_prim *dp, struct lapd_msg_ctx *lctx)
 	if (dl->send_buffer)
 		msgb_free(dl->send_buffer);
 	dl->send_out = 0;
-	if (msg && msg->len) {
+	if (msg && msg->len)
 		/* Write data into the send buffer, to be sent first */
 		dl->send_buffer = msg;
-	}
+	else
+		dl->send_buffer = NULL;
 
 	/* Discard partly received L3 message */
 	if (dl->rcv_buffer) {