fix sms layer timer leak/corruption using trans_free()
we only stopped the cp1* timer on reception of cp-ack, but not
in error cases like rx of cp-error.
diff --git a/openbsc/src/gsm_04_11.c b/openbsc/src/gsm_04_11.c
index 9580b07..2994d72 100644
--- a/openbsc/src/gsm_04_11.c
+++ b/openbsc/src/gsm_04_11.c
@@ -686,7 +686,7 @@
sms_free(sms);
trans->sms.sms = NULL;
- trans_free(trans);
+ //trans_free(trans);
return 0;
}
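Review bot: The `trans_free(trans);` call is commented out here, and again in the MT SMS DELIVER branch of the second hunk, instead of being removed or kept, and nothing in the visible lines says where the transaction is released now. If no other path frees it, every completed SMS leaves a `struct gsm_trans` allocated, and this state is driven by messages from the radio side, so it could grow without bound. The commit title says the fix works by using `trans_free()`, and the new SMS free hook stops the timer, so the call could probably be restored as `trans_free(trans);`. If the deferral is intentional, replace the dead line with a short comment naming the code path that frees the transaction. Both enclosing functions start outside their hunks, so the callers were not checked.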
@@ -763,7 +763,7 @@
if (trans->sms.is_mt) {
/* If this is a MT SMS DELIVER, we can clear transaction here */
trans->sms.cp_state = GSM411_CPS_IDLE;
- trans_free(trans);
+ //trans_free(trans);
}
return rc;
@@ -1069,6 +1069,11 @@
return 0;
}
+void _gsm411_sms_trans_free(struct gsm_trans *trans)
+{
+ bsc_del_timer(&trans->sms.cp_timer);
+}
+
static __attribute__((constructor)) void on_dso_load_sms(void)
{
tall_gsms_ctx = talloc_named_const(tall_bsc_ctx, 1, "sms");
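Review bot: `_gsm411_sms_trans_free()` only cancels `cp_timer`, so an SMS still attached as `trans->sms.sms` when the transaction is freed on an error path would be leaked. The first hunk shows the normal path releasing it with `sms_free(sms)` and clearing the pointer. The hook could do the same with `if (trans->sms.sms) { sms_free(trans->sms.sms); trans->sms.sms = NULL; }`, assuming `sms_free()` is the right owner-side release here. If the transaction carries other SMS-layer timers, they need the same `bsc_del_timer()` treatment, because a timer left armed on freed transaction memory is the corruption the commit message describes. A one-line comment above the function would help, such as `/* called from trans_free(): stop SMS timers before the transaction memory is released */`.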
diff --git a/openbsc/src/transaction.c b/openbsc/src/transaction.c
index 3825de1..5e55665 100644
--- a/openbsc/src/transaction.c
+++ b/openbsc/src/transaction.c
@@ -92,6 +92,9 @@
case GSM48_PDISC_CC:
_gsm48_cc_trans_free(trans);
break;
+ case GSM48_PDISC_SMS:
+ _gsm411_sms_trans_free(trans);
+ break;
}
if (trans->lchan)
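Review bot: The new `case GSM48_PDISC_SMS:` calls `_gsm411_sms_trans_free(trans)`, but this diff adds no declaration for that function in `transaction.c` or in any header. Unless a prototype already exists outside the visible hunks, the call compiles as an implicit declaration, which hides any later signature mismatch. Adding `void _gsm411_sms_trans_free(struct gsm_trans *trans);` next to wherever `_gsm48_cc_trans_free` is declared would fix that. The switch also has no `default:`, so transactions of any other protocol discriminator get no layer-specific cleanup; a `default: break;` with a comment would make that explicit. The enclosing function starts and ends outside the hunk.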