smpp: Fix use-after-free bug when ESME disconnects but has write pending
When the SMPP code frees an ESME it also frees the related write_queue and the osmo_fd contained therein. So if this happens while we are in esme_link_read_cb(), we must return -EBADF to make osmo_wqueue_bfd_cb() of libosmocore avoid further accessing related memory.

Change-Id: I441d3b05c2f2556c530783a7f66c73adf6d845a1
Closes: OS#5565
parent 63494a6bef
commit 022193da73
|
@ -888,7 +888,7 @@ dead_socket:
|
||||||
esme->acl->esme = NULL;
|
esme->acl->esme = NULL;
|
||||||
smpp_esme_put(esme);
|
smpp_esme_put(esme);
|
||||||
|
|
||||||
return 0;
|
return -EBADF;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* call-back of write queue once it wishes to write a message to the socket */
|
/* call-back of write queue once it wishes to write a message to the socket */
|
||||||
|
|
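Review bot: the new `return -EBADF;` at the end of the dead_socket path carries no comment explaining why a non-zero value is required, so a later cleanup could easily turn it back into `return 0;` and reintroduce the use-after-free. Please add a short comment above the return stating that smpp_esme_put(esme) may have freed the esme together with its write queue and osmo_fd, and that -EBADF tells osmo_wqueue_bfd_cb() not to touch them again. The return is also unconditional: if smpp_esme_put() can leave the esme alive because another reference is still held, the comment should say whether returning -EBADF is still the intended result in that case.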