This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Harald Welte gerrit-no-reply at lists.osmocom.org

Harald Welte has submitted this change and it was merged.

Change subject: smpp_smsc_conf: Fix heap-use-after-free
......................................................................

smpp_smsc_conf: Fix heap-use-after-free

Fixes following error caught by enabling address sanitizer:
==20792==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b000122610 at pc 0x7f9c9c3fe063 bp 0x7ffd2e68f600 sp 0x7ffd2e68edb0
READ of size 11 at 0x60b000122610 thread T0
    #0 0x7f9c9c3fe062 (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x3c062)
    #1 0x7f9c9beb8ee4 in talloc_strdup (/usr/lib/x86_64-linux-gnu/libtalloc.so.2+0x6ee4)
    #2 0x56096a7cf75b in smpp_smsc_conf src/libmsc/smpp_smsc.c:983
    #3 0x56096a7cf9df in smpp_smsc_start src/libmsc/smpp_smsc.c:1015
    #4 0x56096a7d4935 in smpp_openbsc_start src/libmsc/smpp_openbsc.c:785
    #5 0x56096a755ad0 in main src/osmo-msc/msc_main.c:598
    #6 0x7f9c9927b2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
    #7 0x56096a756979 in _start (/home/jenkins/workspace/osmo-gsm-tester_run-prod/trial-805/inst/osmo-msc/bin/osmo-msc+0xf0979)

Related: OS#3181
Change-Id: Iaf0d251c8d2912266a087ada4d20905146e08592
---
M src/libmsc/smpp_smsc.c
1 file changed, 6 insertions(+), 1 deletion(-)

Approvals:
  Harald Welte: Looks good to me, approved
  Jenkins Builder: Verified

diff --git a/src/libmsc/smpp_smsc.c b/src/libmsc/smpp_smsc.c index 7bbb0a4..ea5303c 100644 --- a/src/libmsc/smpp_smsc.c +++ b/src/libmsc/smpp_smsc.c @@ -977,6 +977,12 @@ /*! \brief Set the SMPP address and port without binding. */ int smpp_smsc_conf(struct smsc *smsc, const char *bind_addr, uint16_t port) { + smsc->listen_port = port; + + /* Avoid use-after-free if bind_addr == smsc->bind_addr */ + if (smsc->bind_addr == bind_addr) + return 0; + talloc_free((void*)smsc->bind_addr); smsc->bind_addr = NULL; if (bind_addr) {
@@ -984,7 +990,6 @@ if (!smsc->bind_addr) return -ENOMEM; } - smsc->listen_port = port; return 0; }

--
To view, visit https://gerrit.osmocom.org/7858
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Iaf0d251c8d2912266a087ada4d20905146e08592
Gerrit-PatchSet: 1
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Owner: Pau Espin Pedrol <pespin at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder
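
Review bot: the guard "if (smsc->bind_addr == bind_addr) return 0;" in the @@ -977,6 +977,12 @@ hunk only catches a caller that passes exactly the stored pointer; a bind_addr that points into the same buffer at an offset would still be read by talloc_strdup (frame #1 of the trace) after the talloc_free that follows. Duplicating into a temporary first, returning -ENOMEM if that fails, and only then freeing the old string and assigning the new one would cover every aliasing case and make the special-case return unnecessary.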
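
Review bot: the "return -ENOMEM" path in the @@ -984,7 +990,6 @@ hunk now returns with listen_port already overwritten and bind_addr left NULL, because the "smsc->listen_port = port;" removed here has moved to the top of the function; before the change the port was written only on success. If callers read a non-zero return as "configuration unchanged", assign the port after the allocation check (and before the early return for the aliased pointer), or state in the \brief comment that the port is updated even when the call fails.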