phone-side
/
osmocom-bb
mirror of https://gerrit.osmocom.org/osmocom-bb
9
0
Fork 0
Code Issues Releases Wiki Activity
OsmocomBB MS-side GSM Protocol stack (L1, L2, L3) including firmware https://osmocom.org/projects/baseband
3,266 Commits 59 Branches 1 Tag 26 MiB
C 94.1%
Python 3.5%
Makefile 0.8%
Assembly 0.7%
M4 0.3%
Other 0.3%
Go to file
Pau Espin 2b11e9e97d trxcon: Fix heap-use-after-free in l1ctl_client 
If the peer connected to trxcon restarts the process, read() on the unix
socket in trxcon fails, and triggers closing the conn (l1ctl_client),
which ends up freeing the struct. This all happens during read_cb() of
the l1ctl_client wqueue. If the kernel also flags WRITE event in the
same main loop iteration, the wqueue code would end up using the freed
struct again when running the write_cb.

Make sure the read_cb returns -EBADF in the code branch closing the conn
in read_cb, since it makes no sense to handle a write_cb after that.
This saves the code from accessing the potentially freed struct.

Related: OS#5872
Change-Id: I100a8ba056a09b4e52675e3539640da0c0f8d837
 		2023-01-30 18:23:55 +01:00
contrib gsmmap: move this utility to 'layer23/src/misc/' 2023-01-03 02:43:57 +07:00
doc layer23: Introduce APN VTY node 2023-01-19 19:12:09 +01:00
include trxcon: Initial support for forwarding AMR 2022-09-07 00:01:53 +07:00
src trxcon: Fix heap-use-after-free in l1ctl_client 2023-01-30 18:23:55 +01:00
.gitignore doc/manuals: integrate into this repository 2018-12-04 12:14:59 +00:00
.gitreview Add 'git review' config file 2017-09-07 12:21:24 +02:00