From c1a0f7a1f5db1177679c26554c19e72a943d9510 Mon Sep 17 00:00:00 2001
From: Philipp Maier
Date: Tue, 7 Aug 2018 12:06:05 +0200
Subject: [PATCH] sigtran: fix memleak in osmo_bsc_sigtran_send()
The function osmo_bsc_sigtran_send() checks if the MSC is ready by calling a_reset_conn_ready(). If it is not ready it returns with -EINVAL. The msg message buffer is not freed, so we leak memory in those edge cases.
- Make sure msg is freed when MSC is not ready.
- Add a comment that osmo_bsc_sigtran_send() takes ownership of msg
Change-Id: Ib1ff1d20e960a356bcee276b7c1bf9c93283e7af
---
 src/osmo-bsc/osmo_bsc_sigtran.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/osmo-bsc/osmo_bsc_sigtran.c b/src/osmo-bsc/osmo_bsc_sigtran.c
index 449f1df03..19d481787 100644
--- a/src/osmo-bsc/osmo_bsc_sigtran.c
+++ b/src/osmo-bsc/osmo_bsc_sigtran.c
@@ -338,7 +338,7 @@ int osmo_bsc_sigtran_open_conn(struct gsm_subscriber_connection *conn, struct ms
 return rc;
 }
-/* Send data to MSC */
+/* Send data to MSC, the function will take ownership of *msg */
 int osmo_bsc_sigtran_send(struct gsm_subscriber_connection *conn, struct msgb *msg)
 {
 struct osmo_ss7_instance *ss7;
@@ -370,6 +370,7 @@ int osmo_bsc_sigtran_send(struct gsm_subscriber_connection *conn, struct msgb *m
 if (a_reset_conn_ready(msc->a.reset_fsm) == false) {
 LOGP(DMSC, LOGL_ERROR, "MSC is not connected. Dropping.\n");
+ msgb_free(msg);
 return -EINVAL;
 }
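Review bot: The new comment above osmo_bsc_sigtran_send() says the function takes ownership of msg but does not say whether that also holds when it returns an error, which is the case a caller is most likely to get wrong. Once every return path honours it, I would state it outright, for example `/* Send data to MSC. Takes ownership of msg in all cases, including error returns; the caller must not use or free msg afterwards. */`. The function body runs past the end of this hunk, so the wording should be checked against the paths not shown here.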
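Review bot: Freeing msg on the `-EINVAL` path in the second hunk changes what callers may do after a failed call. Any call site that still reads or frees msg when osmo_bsc_sigtran_send() returns an error would now be a use-after-free or double free. The callers are not part of this patch and should be audited together with it. The body of the function starts before and continues after this hunk, so every other early return there should likewise either call `msgb_free(msg);` or pass msg on. Otherwise the leak stays on those paths and the ownership comment is only partly true.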