hnb_read_cb(): -EBADF must be returned if conn is freed to avoid use-after-free

Otherwise the libosmo-netif stream API may continue accessing the conn
after returning if the socket has the WRITE flag active in the same main
loop iteration.

Change-Id: I628c59a88d94d299f432f405b37fbe602381d47e

src/osmo-hnbgw/hnbgw.c

@@ -264,7 +264,7 @@ static int hnb_read_cb(struct osmo_stream_srv *conn)
 				       "sctp_recvmsg(%s) = SCTP_COMM_LOST, closing conn\n",
 				       osmo_sock_get_name2(ofd->fd));
 				osmo_stream_srv_destroy(conn);
-				rc = -1;
+				rc = -EBADF;
 				break;
 			case SCTP_RESTART:
 				LOGHNB(hnb, DMAIN, LOGL_NOTICE, "HNB SCTP conn RESTARTed, marking as HNBAP-unregistered\n");
@@ -277,7 +277,7 @@ static int hnb_read_cb(struct osmo_stream_srv *conn)
 			       "sctp_recvmsg(%s) = SCTP_SHUTDOWN_EVENT, closing conn\n",
 			       osmo_sock_get_name2(ofd->fd));
 			osmo_stream_srv_destroy(conn);
-			rc = -1;
+			rc = -EBADF;
 			break;
 		}
 		goto out;
@@ -291,12 +291,13 @@ static int hnb_read_cb(struct osmo_stream_srv *conn)
 		LOGHNB(hnb, DMAIN, LOGL_ERROR, "Error during sctp_recvmsg(%s)\n",
 		       osmo_sock_get_name2(ofd->fd));
 		osmo_stream_srv_destroy(conn);
+		rc = -EBADF;
 		goto out;
 	} else if (rc == 0) {
 		LOGHNB(hnb, DMAIN, LOGL_NOTICE, "Connection closed sctp_recvmsg(%s) = 0\n",
 		       osmo_sock_get_name2(ofd->fd));
 		osmo_stream_srv_destroy(conn);
-		rc = -1;
+		rc = -EBADF;
 		goto out;
 	} else {
 		msgb_put(msg, rc);