mncc_sock: Fix potential segfault in case MNCC app dies We create a loop by not setting trans->callref = 0 before calling trans_free(), as the latter would again send a MNCC_REL_IND up the stack. Also: Fix memory leak in case we try to read from mncc_sock but socket is just gone.

commit: bd0f33c8d6f85758405476e57657bb2c11949086 [log] [tgz]
author: Harald Welte <laforge@gnumonks.org> Thu Dec 23 02:47:53 2010 +0100
committer: Harald Welte <laforge@gnumonks.org> Sat Jan 01 17:23:43 2011 +0100
tree: 26d8bfb97072ae3494f979d703895feb3c8f26a1
parent: 5be4c728b28d4356f5bc6ca388a21217187d871f [diff] [blame]
diff --git a/openbsc/src/gsm_04_08.c b/openbsc/src/gsm_04_08.c
index 9ab8840..138cdfc 100644
--- a/openbsc/src/gsm_04_08.c
+++ b/openbsc/src/gsm_04_08.c

@@ -336,8 +336,10 @@
 	LOGP(DCC, LOGL_NOTICE, "Clearing all currently active transactions!!!\n");
 
 	llist_for_each_entry_safe(trans, temp, &net->trans_list, entry) {
-		if (trans->protocol == protocol)
+		if (trans->protocol == protocol) {
+			trans->callref = 0;
 			trans_free(trans);
+		}
 	}
 }
commit	bd0f33c8d6f85758405476e57657bb2c11949086	[log] [tgz]
author	Harald Welte <laforge@gnumonks.org>	Thu Dec 23 02:47:53 2010 +0100
committer	Harald Welte <laforge@gnumonks.org>	Sat Jan 01 17:23:43 2011 +0100
tree	26d8bfb97072ae3494f979d703895feb3c8f26a1
parent	5be4c728b28d4356f5bc6ca388a21217187d871f [diff] [blame]