osmocom
/
libosmo-netif
mirror of https://gerrit.osmocom.org/libosmo-netif
11
0
Fork 0
Code Issues Releases Wiki Activity

ipa-stream-server: Return -EBADF in read_cb after osmo_stream_srv_destroy() 

This fixes a potential heap-use-after-free error.
When there is still data to be written the osmo_stream_srv_cb() will
call osmo_stream_srv_write() which will try to dereference conn even
though it has already been freed.

Change-Id: I5ac1920b8d4ce3b0205f00d253e7ed878fb745e3
This commit is contained in:
Daniel Willmann 2023-03-02 16:51:59 +01:00
parent 68dc5218ca
commit 6aa4b6961c
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
examples/ipa-stream-server.c
View File

@ -1,4 +1,5 @@
/* IPA stream srv example */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@ -61,7 +62,7 @@ int read_cb(struct osmo_stream_srv *conn)
LOGP(DSTREAMTEST, LOGL_ERROR, "cannot receive message\n");
osmo_stream_srv_destroy(conn);
msgb_free(msg);
return 0;
return -EBADF;
}
if (osmo_ipa_process_msg(msg) < 0) {
LOGP(DSTREAMTEST, LOGL_ERROR, "Bad IPA message\n");