cellular-infrastructure
/
osmo-pcu
mirror of https://gerrit.osmocom.org/osmo-pcu
9
0
Fork 1
Code Issues Releases Wiki Activity
osmo-pcu/src
History
Pau Espin 4f67a9bf46 pdch: Fix heap-use-after-free in pdch->ulc 
In existing previous code, pdch->ulc would be freed in
gprs_rlcmac_pdch::free_resources() when  it became disabled as per PCUIF
info_ind (for instance, when a DYN TS is switched PDCH->SDCCH8).
However, pdch->ulc was so far only allocated during pdch_init, which is
only called during bts_alloc() time.
Hence, after first info_ind disabling it, if it became again enabled
(again by info_ind re-enabling it after SDCCH8 was not longer in use),
the pdch->ulc would be used again but it would point to freed memory.

Let's rearrange how/when resources are freed to make it more logical.
With this patch, pdch internal resources are freed upon ->disable(), and
re-allocated upon ->enable().

Change-Id: Id51f5f6a54ac9f24b784c17bc360ac38f5726fc7
 		2021-07-01 13:09:10 +02:00
..
osmo-bts-litecell15 direct_phy: Fix condition dropping rx DATA.ind payload in in 2021-03-18 14:03:35 +01:00
osmo-bts-oc2g direct_phy: Fix condition dropping rx DATA.ind payload in in 2021-03-18 14:03:35 +01:00
osmo-bts-sysmo direct_phy: Fix condition dropping rx DATA.ind payload in in 2021-03-18 14:03:35 +01:00
.gitignore Adding .gitignore to source directory 2012-06-27 17:45:15 +02:00
Makefile.am tbf: Move existing tbf_state implementation to osmo_fsm 2021-05-19 12:50:25 +02:00
bts.cpp bts: Fix typo in field name 2021-06-01 16:43:41 +02:00
bts.h pcuif: Support receiving System Information 2 2021-06-15 19:11:07 +02:00
coding_scheme.c Fix mcs_is_valid(): UNKNOWN value is not a valid (M)CS 2020-11-05 15:48:04 +01:00
coding_scheme.h Move dl_arq_type field from BTS to PCU 2021-01-18 11:54:53 +01:00
csn1.c csn1: Implement CSN_CALLBACK type in encoder 2021-05-28 18:42:42 +02:00
csn1.h csn1: fix: never use enumerated types in codec structures 2020-05-23 19:26:58 +07:00
cxx_linuxlist.h llist: Add missing const qualifier in llist cast method 2015-08-24 12:23:50 +02:00
decoding.cpp Convert gprs_bssgp_pcu.cpp to C 2021-01-19 16:28:13 +01:00
decoding.h Convert gprs_bssgp_pcu.cpp to C 2021-01-19 16:28:13 +01:00
egprs_rlc_compression.cpp Clean false positive in newer GCC version checking guard of else clause 2021-05-19 11:58:57 +02:00
egprs_rlc_compression.h egprs_rlc_compression: fix white spaces 2019-06-17 02:04:09 +02:00
encoding.cpp encoding: Encode TA in UL ACK/NACK if available 2021-05-11 13:24:13 +02:00
encoding.h Make WaitIndication T3172 configurable 2021-04-26 17:53:09 +02:00
gprs_bssgp_pcu.c Use new stat item/ctr getter APIs 2021-06-04 17:14:32 +02:00
gprs_bssgp_pcu.h gprs_bssgp_pcu: add comments to the pcu states 2021-03-23 17:47:22 +00:00
gprs_bssgp_rim.c RIM: Refactor Rx path to decode stack in proper order 2021-05-17 14:21:21 +02:00
gprs_bssgp_rim.h Initial handling support for RIM messages 2021-01-22 16:37:12 +01:00
gprs_codel.c Use clock_gettime(CLOCK_MONOTONIC) and timespec everywhere 2020-03-16 10:31:56 +00:00
gprs_codel.h Use clock_gettime(CLOCK_MONOTONIC) and timespec everywhere 2020-03-16 10:31:56 +00:00
gprs_debug.cpp Introduce NACC support 2021-01-29 12:59:30 +01:00
gprs_debug.h Introduce NACC support 2021-01-29 12:59:30 +01:00
gprs_ms.c gprs_ms: Use standarized logging on more messages 2021-03-03 20:37:38 +01:00
gprs_ms.h tbf: Move existing tbf_state implementation to osmo_fsm 2021-05-19 12:50:25 +02:00
gprs_ms_storage.cpp Unify BTS into a C usable structure 2021-01-19 16:28:10 +01:00
gprs_ms_storage.h Unify BTS into a C usable structure 2021-01-19 16:28:10 +01:00
gprs_pcu.c Implement T3141 2021-05-11 11:32:44 +02:00
gprs_pcu.h vty: Add configuration for Gb DSCP and socket priority 2021-04-29 22:13:05 +02:00
gprs_rlcmac.cpp Allow multiple bts objects in PCU 2021-01-20 12:36:21 +01:00
gprs_rlcmac.h Remove uneeded ms param from alloc_algorithm_func_t func 2021-02-26 11:50:21 +01:00
gprs_rlcmac_meas.cpp pdch: rcv pkt meas rep: Allocate MS object early in path and use it 2020-08-24 07:50:49 +00:00
gprs_rlcmac_sched.cpp gprs_rlcmac_sched: fix incorrect length for CTR_RLC_DL_BYTES 2021-06-21 02:33:07 +02:00
gprs_rlcmac_ts_alloc.cpp alloc_algorithm_b: Rearrange variable initialization 2021-05-10 12:25:24 +02:00
gsm_rlcmac.c gsm_rlcmac.c: Fix arg list of 2 callbacks 2021-05-28 18:42:42 +02:00
gsm_rlcmac.h gsm_rlcmac: use consistent naming for [Extended] Packet Timing Advance 2020-08-24 10:53:08 +00:00
llc.cpp llc: use memset to fill llc dummy frame padding 2021-03-02 12:28:32 +01:00
llc.h Unify BTS into a C usable structure 2021-01-19 16:28:10 +01:00
mslot_class.c mslot_class: two more: use uint32_t to shift 1 << 31 2018-03-28 14:44:47 +02:00
mslot_class.h Simplify TS alloc: move slot check into functions 2018-02-21 12:08:40 +00:00
nacc_fsm.c Use new stat item/ctr getter APIs 2021-06-04 17:14:32 +02:00
nacc_fsm.h nacc: Implement Pkt Cell Change Continue retransmission 2021-02-03 08:34:04 +00:00
neigh_cache.c nacc_fsm: Support receiving Pkt Cell Change Notify in state WAIT_RESOLVE_RAC_CI 2021-02-11 13:17:16 +01:00
neigh_cache.h nacc_fsm: Support receiving Pkt Cell Change Notify in state WAIT_RESOLVE_RAC_CI 2021-02-11 13:17:16 +01:00
osmobts_sock.c pdch: Fix heap-use-after-free in pdch->ulc 2021-07-01 13:09:10 +02:00
pcu_l1_if.cpp pdch: Fix heap-use-after-free in pdch->ulc 2021-07-01 13:09:10 +02:00
pcu_l1_if.h Support proto IPAC_PROTO_EXT_PCU BSC<->PCU 2021-06-25 17:20:50 +02:00
pcu_main.cpp gprs_ns2: migrate to the new vty syntax 2021-01-28 19:55:14 +01:00
pcu_utils.h pdch_ulc: Support picking RRBP other than N+13 2021-03-31 17:39:50 +02:00
pcu_vty.c vty: Add configuration for Gb DSCP and socket priority 2021-04-29 22:13:05 +02:00
pcu_vty.h vty: add attributes to VTY commands indicating when they apply 2020-10-08 07:16:31 +00:00
pcu_vty_functions.cpp Move TBF list from BTS to the TRX structure 2021-05-19 12:50:25 +02:00
pcu_vty_functions.h Rename 'bts_data' leftovers to 'bts' 2021-01-19 16:28:13 +01:00
pdch.cpp pdch: Fix heap-use-after-free in pdch->ulc 2021-07-01 13:09:10 +02:00
pdch.h pdch: Fix heap-use-after-free in pdch->ulc 2021-07-01 13:09:10 +02:00
pdch_ul_controller.c pdch: Log pdch_ulc reason upon rx of pkt ctrl ack 2021-06-07 18:16:55 +02:00
pdch_ul_controller.h pdch: Log pdch_ulc reason upon rx of pkt ctrl ack 2021-06-07 18:16:55 +02:00
rlc.cpp Unify BTS into a C usable structure 2021-01-19 16:28:10 +01:00
rlc.h rlc.h: Fix struct bit fields on big endian systems 2021-02-04 12:59:40 +01:00
sba.c sba: Drop unused function find_sba_rts 2021-04-22 19:46:54 +02:00
sba.h sba: Drop unused function find_sba_rts 2021-04-22 19:46:54 +02:00
tbf.cpp tbf: Move existing tbf_state implementation to osmo_fsm 2021-05-19 12:50:25 +02:00
tbf.h tbf: Move existing tbf_state implementation to osmo_fsm 2021-05-19 12:50:25 +02:00
tbf_dl.cpp Use new stat item/ctr getter APIs 2021-06-04 17:14:32 +02:00
tbf_dl.h Convert gprs_bssgp_pcu.cpp to C 2021-01-19 16:28:13 +01:00
tbf_fsm.c tbf: Move existing tbf_state implementation to osmo_fsm 2021-05-19 12:50:25 +02:00
tbf_fsm.h tbf: Move existing tbf_state implementation to osmo_fsm 2021-05-19 12:50:25 +02:00
tbf_ul.cpp Use new stat item/ctr getter APIs 2021-06-04 17:14:32 +02:00
tbf_ul.h Implement T3141 2021-05-11 11:32:44 +02:00
wireshark_compat.h Move gsm_rlcmac.cpp -> .c 2020-03-30 10:08:02 +00:00