osmocom
/
libosmocore
mirror of https://gerrit.osmocom.org/libosmocore
11
0
Fork 0
Code Issues Releases Wiki Activity

gprs_ns2: also prevent recursive events when SGSN side cleans up 

When cleaning up the SGSN side (e.g. receiving a SNS SIZE PDU) the
clean up will result in a use-after-free bug when the SGSN side is still
alive.

Change-Id: I0f57dd0577d1fc7bd270f58e15f6f22eb130ef59
This commit is contained in:
Alexander Couzens 2021-09-04 01:10:46 +02:00
parent db07a44988
commit c2fec69baa
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/gb/gprs_ns2_sns.c
View File

@ -2732,6 +2732,7 @@ static void ns2_clear_sgsn(struct ns2_sns_state *gss, struct gprs_ns2_vc *size_n
ns2_clear_procedures(gss);
ns2_clear_elems(&gss->local);
ns2_clear_elems(&gss->remote);
gss->block_no_nsvc_events = true;
llist_for_each_entry_safe(nsvc, nsvc2, &gss->nse->nsvc, list) {
/* Ignore the NSVC over which the SIZE PDU got received */
if (size_nsvc && size_nsvc == nsvc)
@ -2739,6 +2740,7 @@ static void ns2_clear_sgsn(struct ns2_sns_state *gss, struct gprs_ns2_vc *size_n
gprs_ns2_free_nsvc(nsvc);
}
gss->block_no_nsvc_events = false;
}
static void ns2_sns_st_sgsn_unconfigured_onenter(struct osmo_fsm_inst *fi, uint32_t old_state)