sysmobts: Avoid a crash when trying to look-up a BTS
The nanoBTS code tries to find a struct gsm_bts based on
the ipaccess_gsmnet and the ipaccess_unit data. The ipaccess_gsmnet
pointer is not initialized in the sysmoBTS case, leading to a
classic NULL pointer dereference.
Move the feature init into the _init method. This way we can
re-use the start code of the nanoBTS. This ensures that the
ipaccess_gsmnet pointer is properly initialized and that the
signal handlers are installed.
diff --git a/openbsc/src/libbsc/bts_ipaccess_nanobts.c b/openbsc/src/libbsc/bts_ipaccess_nanobts.c
index 5d96967..cebb7ae 100644
--- a/openbsc/src/libbsc/bts_ipaccess_nanobts.c
+++ b/openbsc/src/libbsc/bts_ipaccess_nanobts.c
@@ -457,10 +457,17 @@
return 0;
}
-static struct gsm_network *ipaccess_gsmnet;
+struct gsm_network *ipaccess_gsmnet;
static int bts_model_nanobts_start(struct gsm_network *net)
{
+ osmo_signal_register_handler(SS_NM, bts_ipa_nm_sig_cb, NULL);
+ ipaccess_gsmnet = net;
+ return 0;
+}
+
+int bts_model_nanobts_init(void)
+{
bts_model_nanobts.features.data = &bts_model_nanobts._features_data[0];
bts_model_nanobts.features.data_len =
sizeof(bts_model_nanobts._features_data);
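Review bot: Dropping `static` from `ipaccess_gsmnet` leaves a writable global that stays NULL until `bts_model_nanobts_start()` has run, and nothing in this hunk guards the code that dereferences it. The crash fix therefore depends entirely on call ordering: the BTS lookup (outside this hunk) would presumably still fault if an ipaccess unit identifies itself before start is called, so a NULL check at that site that rejects the connection would be the more robust fix. At minimum, document the contract on the definition, e.g. `/* set by bts_model_nanobts_start(); NULL before that, callers must check */`. Separately, the result of `osmo_signal_register_handler()` is discarded in `bts_model_nanobts_start()`, so a failed registration still returns 0; assigning `ipaccess_gsmnet = net;` first and then using `return osmo_signal_register_handler(SS_NM, bts_ipa_nm_sig_cb, NULL);` would surface it. The body of `bts_model_nanobts_init()` continues past the end of this hunk.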
@@ -468,14 +475,6 @@
gsm_btsmodel_set_feature(&bts_model_nanobts, BTS_FEAT_GPRS);
gsm_btsmodel_set_feature(&bts_model_nanobts, BTS_FEAT_EGPRS);
- osmo_signal_register_handler(SS_NM, bts_ipa_nm_sig_cb, NULL);
-
- ipaccess_gsmnet = net;
- return 0;
-}
-
-int bts_model_nanobts_init(void)
-{
return gsm_bts_model_register(&bts_model_nanobts);
}