osmo-msc/src
Harald Welte a172e9e231 a_iface: Fix heap-use-after-free by cleaning up msgb ownership
When we receive a msgb-wrapped primitive from the SCCP provider (stack),
it transfers msgb ownership to us (the SCCP user).  The existing code
passed the msgb ownership down into all the various downstream
functions, which each then had to take care of msgb free'ing.

Not all of the paths did eventually free the msgb.  And at least one
path used data from the primitive *after* the free.

Let's restructure this in a way that no msgb ownership is transferred
down the call chain.  Instead, there's one common msgb_free() in
sccp_sap_up().  We can do this as nobody is queueing or otherwise
keeping the msgb.

Change-Id: Ie65616ccb55ec58a0224bbe3c8e004e6029ef3e6
SUMMARY: AddressSanitizer: heap-use-after-free /home/laforge/projects/git/osmo-msc/src/libmsc/a_iface.c:538 in sccp_sap_up
2018-02-09 22:21:20 +01:00
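
The ownership rule the commit message describes, as an added example that is not code from osmo-msc or libosmocore: the entry point that receives the buffer frees it exactly once after its last read, and downstream handlers only borrow it. `struct toy_msg`, `toy_sap_up()` and the handler names are hypothetical stand-ins for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for a message buffer (assumption: not libosmocore's struct msgb). */
struct toy_msg { unsigned char type; size_t len; unsigned char data[32]; };

static int live_msgs; /* buffers allocated and not yet freed */

struct toy_msg *toy_msg_alloc(unsigned char type, const char *payload)
{
	struct toy_msg *m = calloc(1, sizeof(*m));
	if (!m) return NULL;
	m->type = type;
	m->len = strlen(payload) < sizeof(m->data) ? strlen(payload) : sizeof(m->data);
	memcpy(m->data, payload, m->len);
	live_msgs++;
	return m;
}

static void toy_msg_free(struct toy_msg *m) { free(m); live_msgs--; }

/* Downstream handlers borrow the message: const pointer, never freed here. */
static int handle_data(const struct toy_msg *m) { return (int)m->len; }
static int handle_unknown(const struct toy_msg *m) { (void)m; return -1; }

/* Entry point that receives ownership from the lower layer (hypothetical name).
 * It is the only place that frees, and it frees after the last read. */
int toy_sap_up(struct toy_msg *m)
{
	int rc;
	if (!m) return -1;
	switch (m->type) {
	case 1:  rc = handle_data(m); break;
	default: rc = handle_unknown(m); break; /* error paths reach the free too */
	}
	fprintf(stderr, "type=%d rc=%d\n", m->type, rc); /* last use of m */
	toy_msg_free(m);
	return rc;
}

int toy_live_msgs(void) { return live_msgs; }

int main(void)
{
	int rc = toy_sap_up(toy_msg_alloc(1, "hello")); /* constructed sample input */
	printf("rc=%d live=%d\n", rc, toy_live_msgs());
	return 0;
}
```

Building with `-fsanitize=address` gives the same class of report quoted in the commit summary if a handler is changed to free the buffer it was only lent.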
..
libcommon Introduce new BSSAP logging category/subsystem 2018-02-09 02:22:22 +01:00
libcommon-cs a_reset: Add additional "a_reset_alloc" argument 2018-02-09 02:20:51 +01:00
libmsc a_iface: Fix heap-use-after-free by cleaning up msgb ownership 2018-02-09 22:21:20 +01:00
libvlr GSUP: check osmo_gsup_encode() result 2018-02-08 09:29:50 +00:00
osmo-msc cosmetic: Use msgb_hexdump*() rather than manual osmo_hexdump() on msg 2018-02-09 02:22:09 +01:00
utils Remove utils imported from openbsc, fix building remaining util smpp_mirror 2017-12-05 19:16:32 +00:00
Makefile.am split off osmo-msc: remove files, apply build, rename 2017-08-29 12:51:19 +00:00