fix: clear vlr_subscr->msc_conn_ref when the conn is discarded
Before this, it was for example possible to crash the MSC by the vty 'show
subscriber' command, which would dereference a potentially stale
vsub->msc_conn_ref pointer.
Related: OS#3050
Change-Id: Ia4105d9f135ba3216ad3c86157be7658b1d568fb
diff --git a/src/libmsc/osmo_msc.c b/src/libmsc/osmo_msc.c
index 1478c19..f6df0d2 100644
--- a/src/libmsc/osmo_msc.c
+++ b/src/libmsc/osmo_msc.c
@@ -228,6 +228,7 @@
DEBUGP(DRLL, "subscr %s: Freeing subscriber connection\n",
vlr_subscr_name(conn->vsub));
msc_subscr_cleanup(conn->vsub);
+ conn->vsub->msc_conn_ref = NULL;
vlr_subscr_put(conn->vsub);
conn->vsub = NULL;
} else