mirror of https://gerrit.osmocom.org/libosmocore
gprs_ns2: free_nse: free the SNS fsm early
If the SNS fsm isn't freed early, the SNS code will re-create a NSVC when calling free_nsvc(). Fixes libasan heap-use-after-free. Change-Id: If350df1d8d6dcea5715dd23b8bd1d684098cdb1f
This commit is contained in:
parent
662d10dcda
commit
2665388e26
|
@ -831,12 +831,15 @@ void gprs_ns2_free_nse(struct gprs_ns2_nse *nse)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
nse->alive = false;
|
nse->alive = false;
|
||||||
|
if (nse->bss_sns_fi) {
|
||||||
|
osmo_fsm_inst_term(nse->bss_sns_fi, OSMO_FSM_TERM_REQUEST, NULL);
|
||||||
|
nse->bss_sns_fi = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
gprs_ns2_free_nsvcs(nse);
|
gprs_ns2_free_nsvcs(nse);
|
||||||
ns2_prim_status_ind(nse, NULL, 0, GPRS_NS2_AFF_CAUSE_FAILURE);
|
ns2_prim_status_ind(nse, NULL, 0, GPRS_NS2_AFF_CAUSE_FAILURE);
|
||||||
|
|
||||||
llist_del(&nse->list);
|
llist_del(&nse->list);
|
||||||
if (nse->bss_sns_fi)
|
|
||||||
osmo_fsm_inst_term(nse->bss_sns_fi, OSMO_FSM_TERM_REQUEST, NULL);
|
|
||||||
talloc_free(nse);
|
talloc_free(nse);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue