This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Harald Welte gerrit-no-reply at lists.osmocom.orgHello Jenkins Builder, I'd like you to reexamine a change. Please visit https://gerrit.osmocom.org/7325 to look at the new patch set (#2). msc_mgcp: to not access higher layers after release The higher layers (gsm_04_08.c) are informed errors occur. But it is not checked if the call was already released. If an error occurs after the call control stack calls msc_mgcp_call_release() then the higher layers might already have cleaned up and the code accesses memory that is already freed (trans) - fix use after free by guarding the call to mncc_tx_to_cc() Change-Id: I78f1b6a9149488a4ad3f120c1e190a83c07d4b89 Related OS#2881 Related OS#2882 --- M src/libmsc/msc_mgcp.c 1 file changed, 9 insertions(+), 4 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/25/7325/2 diff --git a/src/libmsc/msc_mgcp.c b/src/libmsc/msc_mgcp.c index 8e874d8..5c615a9 100644 --- a/src/libmsc/msc_mgcp.c +++ b/src/libmsc/msc_mgcp.c @@ -197,10 +197,15 @@ osmo_fsm_inst_dispatch(fi, EV_TEARDOWN_ERROR, mgcp_ctx); } - /* Request the higher layers to release the call */ - mncc_set_cause(&mncc, GSM48_CAUSE_LOC_TRANS_NET, - GSM48_CC_CAUSE_RESOURCE_UNAVAIL); - mncc_tx_to_cc(mgcp_ctx->trans->net, MNCC_REL_REQ, &mncc); + /* Request the higher layers (gsm_04_08.c) to release the call. If the + * problem occured after msc_mgcp_call_release() was calls, remain + * silent because we already got informed and the higher layers might + * already freed their context information (trans). */ + if (!mgcp_ctx->free_ctx) { + mncc_set_cause(&mncc, GSM48_CAUSE_LOC_TRANS_NET, + GSM48_CC_CAUSE_RESOURCE_UNAVAIL); + mncc_tx_to_cc(mgcp_ctx->trans->net, MNCC_REL_REQ, &mncc); + } } /* Timer callback to shut down in case of connectivity problems */ -- To view, visit https://gerrit.osmocom.org/7325 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newpatchset Gerrit-Change-Id: I78f1b6a9149488a4ad3f120c1e190a83c07d4b89 Gerrit-PatchSet: 2 Gerrit-Project: osmo-msc Gerrit-Branch: master Gerrit-Owner: dexter <pmaier at sysmocom.de> Gerrit-Reviewer: Jenkins Builder