smpp: Fix use-after-free bug when ESME disconnects but has write pending

When the SMPP code frees an ESME it also frees the related write_queue
and the osmo_fd contained therein.  So if this happens while we are
in esme_link_read_cb(), we must return -EBADF to make
osmo_wqueue_bfd_cb() of libosmocore avoid further accessing related
memory.

Change-Id: I441d3b05c2f2556c530783a7f66c73adf6d845a1
Closes: OS#5565
Harald Welte 2022-05-16 17:31:36 +02:00
parent 63494a6bef
commit 022193da73
1 changed files with 1 additions and 1 deletions


@ -888,7 +888,7 @@ dead_socket:
esme->acl->esme = NULL; esme->acl->esme = NULL;
smpp_esme_put(esme); smpp_esme_put(esme);
return 0; return -EBADF;
} }
/* call-back of write queue once it wishes to write a message to the socket */ /* call-back of write queue once it wishes to write a message to the socket */
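
Review bot: The new `return -EBADF;` at the end of the dead_socket path carries a lifetime contract that is only explained in the commit message, not in the code. A short comment above it would help, stating that smpp_esme_put() may have freed the ESME together with its write queue and the embedded osmo_fd, and that -EBADF tells osmo_wqueue_bfd_cb() not to touch that memory again. Without it, a later cleanup could turn this back into `return 0;` and reintroduce the use-after-free. It is also worth confirming that the write-queue callback that follows this function has no similar path that drops the ESME and then returns 0, since the subject line describes the failure as occurring with a write pending.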