This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Harald Welte gerrit-no-reply at lists.osmocom.orgHarald Welte has submitted this change and it was merged. ( https://gerrit.osmocom.org/9477 ) Change subject: fix use after free in osmo_sccp_simple_server_add_clnt() ...................................................................... fix use after free in osmo_sccp_simple_server_add_clnt() The variable as_name was freed before being passed to the osmo_ss7_route_create() function. Free it later to avoid a use-after-free crash with address sanitizer. Found by running 'examples/m3ua_example aaa' with address sanitizer enabled. Change-Id: I9d724bc1d2aa8d6f8b6a67bdeafdb5f0f9136413 Related: OS#2666 --- M src/sccp_user.c 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Jenkins Builder: Verified Harald Welte: Looks good to me, approved diff --git a/src/sccp_user.c b/src/sccp_user.c index a6161c0..99ed96e 100644 --- a/src/sccp_user.c +++ b/src/sccp_user.c @@ -611,7 +611,6 @@ as = osmo_ss7_as_find_or_create(ss7, as_name, prot); if (!as) goto out_strings; - talloc_free(as_name); /* route only selected PC to the client */ rt = osmo_ss7_route_create(ss7->rtable_system, pc, 0xffff, as_name); @@ -624,6 +623,7 @@ asp->cfg.is_server = true; osmo_ss7_as_add_asp(as, asp_name); talloc_free(asp_name); + talloc_free(as_name); osmo_ss7_asp_restart(asp); return ss7->sccp; -- To view, visit https://gerrit.osmocom.org/9477 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: libosmo-sccp Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I9d724bc1d2aa8d6f8b6a67bdeafdb5f0f9136413 Gerrit-Change-Number: 9477 Gerrit-PatchSet: 1 Gerrit-Owner: Stefan Sperling <ssperling at sysmocom.de> Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org> Gerrit-Reviewer: Jenkins Builder -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20180606/1dc301da/attachment.htm>