From: Pablo Neira Ayuso <[email protected]>
This patch fixes a segfault if we or one BTS start a TCP connection
and close it before any IPAC_MSGT_ID_RESP message is sent.
---
openbsc/src/ipaccess/ipaccess-proxy.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/openbsc/src/ipaccess/ipaccess-proxy.c
b/openbsc/src/ipaccess/ipaccess-proxy.c
index 56fe160..d98eb54 100644
--- a/openbsc/src/ipaccess/ipaccess-proxy.c
+++ b/openbsc/src/ipaccess/ipaccess-proxy.c
@@ -806,6 +806,11 @@ static void handle_dead_socket(struct bsc_fd *bfd)
switch (bfd->priv_nr & 0xff) {
case OML_FROM_BTS: /* incoming OML data from BTS, forward to BSC OML */
+ /* The BTS started a connection with us but we got no
+ * IPAC_MSGT_ID_RESP message yet, in that scenario we did not
+ * allocate the ipa_bts_conn structure. */
+ if (ipbc == NULL)
+ break;
ipbc->oml_conn = NULL;
bsc_conn = ipbc->bsc_oml_conn;
/* close the connection to the BSC */
--
1.7.2.3
