From 3ee3b85bb1a5262ee663f5cba8cd09dc8b5873e2 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Wed, 12 Jul 2017 00:25:51 +0200 Subject: [PATCH] check for missing result of rate_ctr_group_alloc() In case the counter group allocation fails, we must handle this gracefully and fail the allocation of the parent object, too. RelateD: OS#2361 Change-Id: I7dad4a4d52fe05f6b990359841b4408df5990e21 --- src/gprs/gb_proxy.c | 4 ++++ src/gprs/gb_proxy_peer.c | 4 ++++ src/gprs/gprs_sgsn.c | 16 ++++++++++++++++ src/libbsc/net_init.c | 4 ++++ src/libcommon-cs/common_cs.c | 4 ++++ 5 files changed, 32 insertions(+) diff --git a/src/gprs/gb_proxy.c b/src/gprs/gb_proxy.c index d95139f8d..3603e14e6 100644 --- a/src/gprs/gb_proxy.c +++ b/src/gprs/gb_proxy.c @@ -1431,6 +1431,10 @@ int gbproxy_init_config(struct gbproxy_config *cfg) INIT_LLIST_HEAD(&cfg->bts_peers); cfg->ctrg = rate_ctr_group_alloc(tall_bsc_ctx, &global_ctrg_desc, 0); + if (!cfg->ctrg) { + LOGP(DGPRS, LOGL_ERROR, "Cannot allocate global counter group!\n"); + return -1; + } clock_gettime(CLOCK_REALTIME, &tp); return 0; diff --git a/src/gprs/gb_proxy_peer.c b/src/gprs/gb_proxy_peer.c index 5365ff0fa..890968717 100644 --- a/src/gprs/gb_proxy_peer.c +++ b/src/gprs/gb_proxy_peer.c @@ -177,6 +177,10 @@ struct gbproxy_peer *gbproxy_peer_alloc(struct gbproxy_config *cfg, uint16_t bvc peer->bvci = bvci; peer->ctrg = rate_ctr_group_alloc(peer, &peer_ctrg_desc, bvci); + if (!peer->ctrg) { + talloc_free(peer); + return NULL; + } peer->cfg = cfg; llist_add(&peer->list, &cfg->bts_peers); diff --git a/src/gprs/gprs_sgsn.c b/src/gprs/gprs_sgsn.c index 11225ddb0..93b133f3b 100644 --- a/src/gprs/gprs_sgsn.c +++ b/src/gprs/gprs_sgsn.c @@ -129,6 +129,7 @@ static const struct rate_ctr_group_desc sgsn_ctrg_desc = { void sgsn_rate_ctr_init() { sgsn->rate_ctrs = rate_ctr_group_alloc(tall_bsc_ctx, &sgsn_ctrg_desc, 0); + OSMO_ASSERT(sgsn->rate_ctrs); } /* look-up an SGSN MM context based on Iu UE context (struct ue_conn_ctx)*/ @@ -229,6 +230,11 @@ struct sgsn_mm_ctx *sgsn_mm_ctx_alloc_gb(uint32_t tlli, LOGMMCTXP(LOGL_DEBUG, ctx, "Allocated with %s cipher.\n", get_value_string(gprs_cipher_names, ctx->ciph_algo)); ctx->ctrg = rate_ctr_group_alloc(ctx, &mmctx_ctrg_desc, tlli); + if (!ctx->ctrg) { + LOGMMCTXP(LOGL_ERROR, ctx, "Cannot allocate counter group\n"); + talloc_free(ctx); + return NULL; + } INIT_LLIST_HEAD(&ctx->pdp_list); llist_add(&ctx->list, &sgsn_mm_ctxts); @@ -253,6 +259,11 @@ struct sgsn_mm_ctx *sgsn_mm_ctx_alloc_iu(void *uectx) ctx->pmm_state = PMM_DETACHED; ctx->auth_triplet.key_seq = GSM_KEY_SEQ_INVAL; ctx->ctrg = rate_ctr_group_alloc(ctx, &mmctx_ctrg_desc, 0); + if (!ctx->ctrg) { + LOGMMCTXP(LOGL_ERROR, ctx, "Cannot allocate counter group\n"); + talloc_free(ctx); + return NULL; + } /* Need to get RAID from IU conn */ ctx->ra = ctx->iu.ue_ctx->ra_id; @@ -380,6 +391,11 @@ struct sgsn_pdp_ctx *sgsn_pdp_ctx_alloc(struct sgsn_mm_ctx *mm, pdp->mm = mm; pdp->nsapi = nsapi; pdp->ctrg = rate_ctr_group_alloc(pdp, &pdpctx_ctrg_desc, nsapi); + if (!pdp->ctrg) { + LOGPDPCTXP(LOGL_ERROR, pdp, "Error allocation counter group\n"); + talloc_free(pdp); + return NULL; + } llist_add(&pdp->list, &mm->pdp_list); llist_add(&pdp->g_list, &sgsn_pdp_ctxts); diff --git a/src/libbsc/net_init.c b/src/libbsc/net_init.c index bc5ed3510..4dfc258a5 100644 --- a/src/libbsc/net_init.c +++ b/src/libbsc/net_init.c @@ -61,6 +61,10 @@ struct gsm_network *bsc_network_init(void *ctx, /* init statistics */ net->bsc_ctrs = rate_ctr_group_alloc(net, &bsc_ctrg_desc, 0); + if (!net->bsc_ctrs) { + talloc_free(net); + return NULL; + } gsm_net_update_ctype(net); diff --git a/src/libcommon-cs/common_cs.c b/src/libcommon-cs/common_cs.c index 8e19bb2b8..99206c86c 100644 --- a/src/libcommon-cs/common_cs.c +++ b/src/libcommon-cs/common_cs.c @@ -68,6 +68,10 @@ struct gsm_network *gsm_network_init(void *ctx, /* init statistics */ net->msc_ctrs = rate_ctr_group_alloc(net, &msc_ctrg_desc, 0); + if (!net->msc_ctrs) { + talloc_free(net); + return NULL; + } net->active_calls = osmo_counter_alloc("msc.active_calls"); net->mncc_recv = mncc_recv;