cellular-infrastructure
/
osmo-hlr
mirror of https://gerrit.osmocom.org/osmo-hlr
9
0
Fork 0
Code Issues Releases Wiki Activity

hlr.c: fix possible msgb memleaks in read_cb() 

Change-Id: I1226eeb24d7657e2782760fab1b49d5581ab53e2
This commit is contained in:
Vadim Yanitskiy 2019-05-07 21:05:18 +07:00
parent c69a18bb3d
commit d9724f4298
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/hlr.c
View File

@ -521,20 +521,24 @@ static int read_cb(struct osmo_gsup_conn *conn, struct msgb *msg)
if (!msgb_l2(msg) || !msgb_l2len(msg)) {
LOGP(DMAIN, LOGL_ERROR, "missing or empty L2 data\n");
return -EINVAL; /* FIXME: msgb_free(msg); */
msgb_free(msg);
return -EINVAL;
}
rc = osmo_gsup_decode(msgb_l2(msg), msgb_l2len(msg), &gsup);
if (rc < 0) {
LOGP(DMAIN, LOGL_ERROR, "error in GSUP decode: %d\n", rc);
return rc; /* FIXME: msgb_free(msg); */
msgb_free(msg);
return rc;
}
/* 3GPP TS 23.003 Section 2.2 clearly states that an IMSI with less than 5
* digits is impossible. Even 5 digits is a highly theoretical case */
if (strlen(gsup.imsi) < 5) {
if (strlen(gsup.imsi) < 5) { /* TODO: move this check to libosmogsm/gsup.c? */
LOGP(DMAIN, LOGL_ERROR, "IMSI too short: %s\n", osmo_quote_str(gsup.imsi, -1));
return gsup_send_err_reply(conn, gsup.imsi, gsup.message_type, GMM_CAUSE_INV_MAND_INFO);
gsup_send_err_reply(conn, gsup.imsi, gsup.message_type, GMM_CAUSE_INV_MAND_INFO);
msgb_free(msg);
return -EINVAL;
}
if (gsup.destination_name_len)