authorAlexander Couzens <lynxis@fe80.eu>2020-09-18 18:28:33 +0200
committerAlexander Couzens <lynxis@fe80.eu>2020-09-18 18:32:04 +0200
commitd3c3ddeb51a16366055ed5bc9bf9935c60db58cc (patch)
tree8e87a18d45b19d7b7f6c8bd8af467cb882c9e520
parente6c5b4a9702a5729c08343001a00bd7f359a3350 (diff)
gprs_llc: _bssgp_tx_dl_ud: ensure the LLME is valid before using it
In rare cases the LLME is NULL even when the mmctx is valid. Ensure that we do not dereference a NULL pointer. Change-Id: Id9fdfb0d88264671546f8dfc4655032ff27bf43e
-rw-r--r--src/sgsn/gprs_llc.c30
1 files changed, 17 insertions, 13 deletions
diff --git a/src/sgsn/gprs_llc.c b/src/sgsn/gprs_llc.c
index 6e22e65c..e357d16f 100644
--- a/src/sgsn/gprs_llc.c
+++ b/src/sgsn/gprs_llc.c
@@ -376,20 +376,24 @@ static int _bssgp_tx_dl_ud(struct msgb *msg, struct sgsn_mm_ctx *mmctx)
* not yet have a MMC context (e.g. XID negotiation of primarly
* LLC connection from GMM sapi). */
if (mmctx) {
+ /* In rare cases the LLME is NULL in those cases don't
+ * use the mm radio capabilities */
dup.imsi = mmctx->imsi;
- dup.drx_parms = mmctx->drx_parms;
- dup.ms_ra_cap.len = mmctx->ms_radio_access_capa.len;
- dup.ms_ra_cap.v = mmctx->ms_radio_access_capa.buf;
-
- /* make sure we only send it to the right llme */
- if (!(msgb_tlli(msg) == mmctx->gb.llme->tlli
- || msgb_tlli(msg) == mmctx->gb.llme->old_tlli)) {
- LOGP(DLLC, LOGL_ERROR,
- "_bssgp_tx_dl_ud(): Attempt to send Downlink Unitdata to wrong LLME:"
- " msgb_tlli=0x%x mmctx->gb.llme->tlli=0x%x ->old_tlli=0x%x\n",
- msgb_tlli(msg), mmctx->gb.llme->tlli, mmctx->gb.llme->old_tlli);
- msgb_free(msg);
- return -EINVAL;
+ if (mmctx->gb.llme) {
+ dup.drx_parms = mmctx->drx_parms;
+ dup.ms_ra_cap.len = mmctx->ms_radio_access_capa.len;
+ dup.ms_ra_cap.v = mmctx->ms_radio_access_capa.buf;
+
+ /* make sure we only send it to the right llme */
+ if (!(msgb_tlli(msg) == mmctx->gb.llme->tlli
+ || msgb_tlli(msg) == mmctx->gb.llme->old_tlli)) {
+ LOGP(DLLC, LOGL_ERROR,
+ "_bssgp_tx_dl_ud(): Attempt to send Downlink Unitdata to wrong LLME:"
+ " msgb_tlli=0x%x mmctx->gb.llme->tlli=0x%x ->old_tlli=0x%x\n",
+ msgb_tlli(msg), mmctx->gb.llme->tlli, mmctx->gb.llme->old_tlli);
+ msgb_free(msg);
+ return -EINVAL;
+ }
}
}
memcpy(&dup.qos_profile, qos_profile_default,
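Review bot: When `mmctx->gb.llme` is NULL the new guard skips the "make sure we only send it to the right llme" check altogether, so the message still goes out with `dup.imsi` set but with no verification that `msgb_tlli(msg)` belongs to this MM context. That path is silent; an `else` branch with `LOGP(DLLC, LOGL_NOTICE, "_bssgp_tx_dl_ud(): mmctx without LLME, TLLI not verified\n");` would make it visible in logs, and whether transmission should continue at all in that state deserves an explicit decision. Separately, `drx_parms` and `ms_ra_cap` are read from `mmctx`, not from the LLME, so gating them on the LLME is not needed for NULL safety, and the added comment does not say why they are dropped; either move those three assignments back out of the `if (mmctx->gb.llme)` block or extend the comment with the reason. The rest of `_bssgp_tx_dl_ud()` lies outside the hunk, so how a caller reaches a valid mmctx with a NULL LLME cannot be judged from here.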