cellular-infrastructure
/
osmo-pcu
mirror of https://gerrit.osmocom.org/osmo-pcu
9
0
Fork 1
Code Issues Releases Wiki Activity

NACC: Fix crash freeing struct if CTRL conn was refused during alloc 

Older versions of osmo_ctrl_conn_alloc() may not properly initialize
write_queue.bfd.fd to -1, which means if osmo_sock_init2_ofd() failed
during nacc_fsm_alloc(), the destructor would wrongly enter the conditon
where the whole structure is set and unregister the unregistered fd.

Related: libosmocore Change-Id I98f744d2880fbb883719cdf1d3eb31f2b22a13b6
Related: SYS#4909
Change-Id: I253bd9087b1f7ab039aa1127e9dc586f5106905a
This commit is contained in:
Pau Espin 2021-01-27 17:05:12 +01:00
parent c0a250d17d
commit 202a47886c
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/nacc_fsm.c
View File

@ -623,6 +623,9 @@ struct nacc_fsm_ctx *nacc_fsm_alloc(struct GprsMs* ms)
ctx->neigh_ctrl_conn = osmo_ctrl_conn_alloc(ctx, ctx->neigh_ctrl);
if (!ctx->neigh_ctrl_conn)
goto free_ret;
/* Older versions of osmo_ctrl_conn_alloc didn't properly initialize fd to -1,
* so make sure to do it here otherwise fd may be valid fd 0 and cause trouble */
ctx->neigh_ctrl_conn->write_queue.bfd.fd = -1;
llist_add(&ctx->neigh_ctrl_conn->list_entry, &ctx->neigh_ctrl->ccon_list);
rc = osmo_sock_init2_ofd(&ctx->neigh_ctrl_conn->write_queue.bfd,