mncc_sock: Fix potential segfault in case MNCC app dies
We create a loop by not setting trans->callref = 0 before calling trans_free(), as the latter would again send a MNCC_REL_IND up the stack. Also: Fix memory leak in case we try to read from mncc_sock but socket is just gone.
This commit is contained in:
parent
0d6f930785
commit
eb76c7a93f
|
@ -336,8 +336,10 @@ void gsm0408_clear_all_trans(struct gsm_network *net, int protocol)
|
|||
LOGP(DCC, LOGL_NOTICE, "Clearing all currently active transactions!!!\n");
|
||||
|
||||
llist_for_each_entry_safe(trans, temp, &net->trans_list, entry) {
|
||||
if (trans->protocol == protocol)
|
||||
if (trans->protocol == protocol) {
|
||||
trans->callref = 0;
|
||||
trans_free(trans);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -144,6 +144,7 @@ static int mncc_sock_read(struct bsc_fd *bfd)
|
|||
return rc;
|
||||
|
||||
close:
|
||||
msgb_free(msg);
|
||||
mncc_sock_close(state);
|
||||
return -1;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue