From c6548bbaab1a8767fdfe1d337faf061e9523f0ba Mon Sep 17 00:00:00 2001 From: Neels Hofmeyr Date: Wed, 25 Dec 2019 23:46:06 +0100 Subject: fix nullpointer: in gsm48_rx_gmm_ra_upd_req() This caused frequent crashes at 36c3. The "proper" fix is probably elsewhere (lynxis mentions an unfinished patch), but at least this prevented some crashes during active operation. Once this is merged, we can (re)enable SGSN_Tests_Iu.TC_geran_attach_iu_rau, which tests exactly for this scenario: A Subscriber / MM context that is so far attached via GERAN, but now receives a RAU via UTRAN/Iu. Closes: OS#4339 Change-Id: Ifde15dc4151d84748f0e67b32c9c260cb2d9d8fc --- src/sgsn/gprs_gmm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/sgsn/gprs_gmm.c') diff --git a/src/sgsn/gprs_gmm.c b/src/sgsn/gprs_gmm.c index 03ff513be..0391229eb 100644 --- a/src/sgsn/gprs_gmm.c +++ b/src/sgsn/gprs_gmm.c @@ -1682,7 +1682,7 @@ static int gsm48_rx_gmm_ra_upd_req(struct sgsn_mm_ctx *mmctx, struct msgb *msg, rate_ctr_inc(&mmctx->ctrg->ctr[GMM_CTR_PKTS_SIG_IN]); /* Update the MM context with the new RA-ID */ - if (mmctx->ran_type == MM_CTX_T_GERAN_Gb) { + if (mmctx->ran_type == MM_CTX_T_GERAN_Gb && msgb_bcid(msg)) { bssgp_parse_cell_id(&mmctx->ra, msgb_bcid(msg)); /* Update the MM context with the new (i.e. foreign) TLLI */ mmctx->gb.tlli = msgb_tlli(msg); -- cgit v1.2.3
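Review bot: In the changed condition in gsm48_rx_gmm_ra_upd_req(), a NULL msgb_bcid(msg) now skips the whole GERAN branch silently, so along with bssgp_parse_cell_id() the visible `mmctx->gb.tlli = msgb_tlli(msg);` update is skipped too and the MM context keeps its previous RA-ID and TLLI with no trace of why. Consider adding a comment above the `if` that says why msgb_bcid(msg) can be NULL here (per the commit message, a RAU arriving via UTRAN/Iu for a context so far attached via GERAN), and a log line for the case where `mmctx->ran_type == MM_CTX_T_GERAN_Gb` but the message carries no BSSGP cell id, so the mismatch shows up in operation instead of being dropped quietly. Since the commit message calls this a stopgap, it is also worth confirming that the code after this block does not depend on mmctx->ra or mmctx->gb.tlli having been refreshed by this request.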