This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
laforge gerrit-no-reply at lists.osmocom.org

laforge has submitted this change. ( https://gerrit.osmocom.org/c/libosmo-sccp/+/19004 )

Change subject: osmo_ss7: remove use-after-free of stream_server after close_cb
......................................................................

osmo_ss7: remove use-after-free of stream_server after close_cb

In I9b3ae6dfcf6efeabb7fb6c33503d1d7924fec2fa we fixed some problems regarding rapid open/close cycles of inbound M3UA client connections. Unfortunately the fix now triggered another bug.

xua_srv_conn_closed_cb() is called by libosmo-netif stream code whenever a connection (socket) is closed. As the stream_server is de-allocated right after this call-back, the call-back must make sure to remove any pending references to the stream_server.

Change-Id: I2464cf524f1f91bfad10ff1861a03bf1461dfed8
Related: OS#4625
---
M src/osmo_ss7.c
1 file changed, 2 insertions(+), 1 deletion(-)

Approvals:
  laforge: Looks good to me, approved; Verified

diff --git a/src/osmo_ss7.c b/src/osmo_ss7.c index 9aeed9b..cdac27a 100644 --- a/src/osmo_ss7.c +++ b/src/osmo_ss7.c 
@@ -1786,12 +1786,13 @@ /* send M-SCTP_RELEASE.ind to Layer Manager */ xua_asp_send_xlm_prim_simple(asp, OSMO_XLM_PRIM_M_SCTP_RELEASE, PRIM_OP_INDICATION); + asp->server = NULL; + /* if we were dynamically allocated at accept_cb() time, let's * self-destruct now. A new connection will re-create the ASP. */ if (asp->dyn_allocated) { /* avoid re-entrance via osmo_stream_srv_destroy() which * called us */ - asp->server = NULL; osmo_ss7_asp_destroy(asp); } -- To view, visit https://gerrit.osmocom.org/c/libosmo-sccp/+/19004 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: libosmo-sccp Gerrit-Branch: master Gerrit-Change-Id: I2464cf524f1f91bfad10ff1861a03bf1461dfed8 Gerrit-Change-Number: 19004 Gerrit-PatchSet: 1 Gerrit-Owner: laforge <laforge at osmocom.org> Gerrit-Reviewer: laforge <laforge at osmocom.org> Gerrit-CC: Jenkins Builder Gerrit-MessageType: merged -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20200625/d0a9d749/attachment.htm>
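Review bot: the comment "avoid re-entrance via osmo_stream_srv_destroy() which called us" stays inside the `if (asp->dyn_allocated)` block, but the `asp->server = NULL;` it explained now sits above that block, so the new unconditional assignment is undocumented and the old comment describes a line that is no longer there. Move the comment up with the assignment and extend it with the reason given in the commit message: the stream_server is de-allocated right after this call-back returns, so the pointer has to be cleared for ASPs that are not `dyn_allocated` as well. The ordering also deserves a check: `asp->server` is still set while `xua_asp_send_xlm_prim_simple()` runs, so if anything reached from the M-SCTP_RELEASE.ind handling can use `asp->server` to close or destroy the connection, clearing the pointer before sending the primitive would be the safer placement.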