cellular-infrastructure
/
osmo-msc
mirror of https://gerrit.osmocom.org/osmo-msc
9
0
Fork 0
Code Issues Releases Wiki Activity

mncc_sock: Fix potential segfault in case MNCC app dies 

We create a loop by not setting trans->callref = 0 before calling
trans_free(), as the latter would again send a MNCC_REL_IND up
the stack.

Also: Fix memory leak in case we try to read from mncc_sock
but socket is just gone.
This commit is contained in:
Harald Welte 2010-12-23 02:47:53 +01:00
parent 0d6f930785
commit eb76c7a93f
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openbsc/src/gsm_04_08.c
View File

@ -336,8 +336,10 @@ void gsm0408_clear_all_trans(struct gsm_network *net, int protocol)
LOGP(DCC, LOGL_NOTICE, "Clearing all currently active transactions!!!\n");
llist_for_each_entry_safe(trans, temp, &net->trans_list, entry) {
if (trans->protocol == protocol)
if (trans->protocol == protocol) {
trans->callref = 0;
trans_free(trans);
}
}
}

1
openbsc/src/mncc_sock.c
View File

@ -144,6 +144,7 @@ static int mncc_sock_read(struct bsc_fd *bfd)
return rc;
close:
msgb_free(msg);
mncc_sock_close(state);
return -1;
}