authorNeels Hofmeyr <neels@hofmeyr.de>2019-12-25 23:46:06 +0100
committerneels <nhofmeyr@sysmocom.de>2020-05-10 22:33:27 +0000
commitc6548bbaab1a8767fdfe1d337faf061e9523f0ba (patch)
tree22f73ed5039d82a486fe8d2a6a568b8f76a41250 /src/sgsn/gprs_gmm.c
parentb2ebc59f30b67df53635f27b444e510b1c758e0c (diff)
fix nullpointer: in gsm48_rx_gmm_ra_upd_req()
This caused frequent crashes at 36c3. The "proper" fix is probably elsewhere (lynxis mentions an unfinished patch), but at least this prevented some crashes during active operation. Once this is merged, we can (re)enable SGSN_Tests_Iu.TC_geran_attach_iu_rau, which tests exactly for this scenario: A Subscriber / MM context that is so far attached via GERAN, but now receives a RAU via UTRAN/Iu. Closes: OS#4339 Change-Id: Ifde15dc4151d84748f0e67b32c9c260cb2d9d8fc
Diffstat (limited to 'src/sgsn/gprs_gmm.c')
1 files changed, 1 insertions, 1 deletions
diff --git a/src/sgsn/gprs_gmm.c b/src/sgsn/gprs_gmm.c
index 03ff513b..0391229e 100644
--- a/src/sgsn/gprs_gmm.c
+++ b/src/sgsn/gprs_gmm.c
@@ -1682,7 +1682,7 @@ static int gsm48_rx_gmm_ra_upd_req(struct sgsn_mm_ctx *mmctx, struct msgb *msg,
/* Update the MM context with the new RA-ID */
- if (mmctx->ran_type == MM_CTX_T_GERAN_Gb) {
+ if (mmctx->ran_type == MM_CTX_T_GERAN_Gb && msgb_bcid(msg)) {
bssgp_parse_cell_id(&mmctx->ra, msgb_bcid(msg));
/* Update the MM context with the new (i.e. foreign) TLLI */
mmctx->gb.tlli = msgb_tlli(msg);
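Review bot: When `msgb_bcid(msg)` is NULL on a context whose `ran_type` is still `MM_CTX_T_GERAN_Gb`, the new condition skips the RA-ID and TLLI update silently, so the function carries on with the old `mmctx->ra` and `mmctx->gb.tlli` on a context still marked as Gb, and nothing is logged. Because the guarded crash is reached from a received message, the skipped case should at least be visible to operators, for example `else if (mmctx->ran_type == MM_CTX_T_GERAN_Gb) LOGMMCTXP(LOGL_NOTICE, mmctx, "RAU without BSSGP cell id on Gb context, RA-ID/TLLI not updated\n");` after the block. A short comment above the condition would also help, such as `/* msgb_bcid() is NULL when the message did not arrive via BSSGP */`, presumably the Iu case named in the description. The closing brace of the `if` and the rest of gsm48_rx_gmm_ra_upd_req() lie outside the hunk, so any later code that relies on Gb state for this context could not be checked here and should be reviewed for the same assumption.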