Change in libosmo-sccp[master]: Revert "osmo_ss7: free the sock_name string once an ASP socket is clo...

laforge gerrit-no-reply at lists.osmocom.org
Fri Apr 30 13:54:09 UTC 2021


laforge has submitted this change. ( https://gerrit.osmocom.org/c/libosmo-sccp/+/23996 )

Change subject: Revert "osmo_ss7: free the sock_name string once an ASP socket is closed"
......................................................................

Revert "osmo_ss7: free the sock_name string once an ASP socket is closed"

This reverts commit 03e3b0423443cd48f901762e36e8aa5b75c27c37.

It caused a regression, as apparently some code is using the sock_name
string even after the close:

DLSS7 osmo_ss7.c:1676 0: asp-asp-dyn-0: xua_srv_conn_cb(): sctp_recvmsg() returned 12 (flags=0x8080)
DLSS7 osmo_ss7.c:1608 0: asp-asp-dyn-0: xUA SRV SCTP NOTIFICATION 32773 flags=0x0
DLSS7 osmo_ss7.c:1621 0: asp-asp-dyn-0: xUA SRV SHUTDOWN_EVENT
DLSS7 osmo_ss7.c:1875 asp-dyn-0: connection closed
DLSS7 osmo_ss7.c:1881 XUA_ASP(asp-dyn-0){ASP_INACTIVE}: Received Event SCTP-COMM_DOWN.ind
DLSS7 xua_asp_fsm.c:669 XUA_ASP(asp-dyn-0){ASP_INACTIVE}: state_chg to ASP_DOWN
DLSS7 xua_asp_fsm.c:113 0: asp-asp-dyn-0: No Layer Manager, dropping M-ASP_DOWN.indication
DLSS7 xua_asp_fsm.c:113 0: asp-asp-dyn-0: No Layer Manager, dropping M-SCTP_RELEASE.indication
DLSS7 osmo_ss7.c:1442 0: asp-asp-dyn-0: Destroying ASP
DLSS7 osmo_ss7.c:1449 XUA_ASP(asp-dyn-0){ASP_DOWN}: Terminating (cause = OSMO_FSM_TERM_REQUEST)
DLSS7 osmo_ss7.c:1449 XUA_ASP(asp-dyn-0){ASP_DOWN}: Freeing instance
DLSS7 fsm.c:573 XUA_ASP(asp-dyn-0){ASP_DOWN}: Deallocated
=================================================================
==2928584==ERROR: AddressSanitizer: heap-use-after-free on address 0x618000004d28 at pc 0x7fd6cddeaff8 bp 0x7ffe978fbad0 sp 0x7ffe978fbac8
READ of size 8 at 0x618000004d28 thread T0
    #0 0x7fd6cddeaff7 in xua_srv_conn_closed_cb (/space/home/laforge/projects/git/libosmo-sccp/src/.libs/libosmo-sigtran.so.5+0x17bff7)
    #1 0x7fd6cc443d0f in osmo_stream_srv_destroy (/usr/local/lib/libosmonetif.so.8+0x7ed0f)
    #2 0x7fd6cdde8ce8 in xua_srv_conn_cb (/space/home/laforge/projects/git/libosmo-sccp/src/.libs/libosmo-sigtran.so.5+0x179ce8)
    #3 0x7fd6cc44285e in osmo_stream_srv_read (/usr/local/lib/libosmonetif.so.8+0x7d85e)
    #4 0x7fd6cc44331d in osmo_stream_srv_cb (/usr/local/lib/libosmonetif.so.8+0x7e31d)
    #5 0x7fd6cd88a1c7 in poll_disp_fds (/usr/local/lib/libosmocore.so.17+0x10d1c7)
    #6 0x7fd6cd88a30d in _osmo_select_main (/usr/local/lib/libosmocore.so.17+0x10d30d)
    #7 0x7fd6cd88a32c in osmo_select_main (/usr/local/lib/libosmocore.so.17+0x10d32c)
    #8 0x557aab05c078 in main /space/home/laforge/projects/git/libosmo-sccp/stp/stp_main.c:267
    #9 0x7fd6ccc50d09 in __libc_start_main ../csu/libc-start.c:308
    #10 0x557aab05b389 in _start (/space/home/laforge/projects/git/libosmo-sccp/stp/.libs/osmo-stp+0x3389)

Change-Id: I72f83114408e7a54d1f3072338fa6f189bf4064f
---
M src/osmo_ss7.c
1 file changed, 0 insertions(+), 8 deletions(-)

Approvals:
  laforge: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/src/osmo_ss7.c b/src/osmo_ss7.c
index 617f6bb..6d68290 100644
--- a/src/osmo_ss7.c
+++ b/src/osmo_ss7.c
@@ -1759,10 +1759,6 @@
 	osmo_fsm_inst_dispatch(asp->fi, XUA_ASP_E_SCTP_COMM_DOWN_IND, asp);
 	/* send M-SCTP_RELEASE.ind to XUA Layer Manager */
 	xua_asp_send_xlm_prim_simple(asp, OSMO_XLM_PRIM_M_SCTP_RELEASE, PRIM_OP_INDICATION);
-
-	/* no connection means no socket means no socket name */
-	talloc_free(asp->sock_name);
-	asp->sock_name = NULL;
 }
 
 static void xua_cli_close_and_reconnect(struct osmo_stream_cli *cli)
@@ -1896,10 +1892,6 @@
 		osmo_ss7_asp_destroy(asp);
 	}
 
-	/* no connection means no socket means no socket name */
-	talloc_free(asp->sock_name);
-	asp->sock_name = NULL;
-
 	return 0;
 }
 

-- 
To view, visit https://gerrit.osmocom.org/c/libosmo-sccp/+/23996
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: libosmo-sccp
Gerrit-Branch: master
Gerrit-Change-Id: I72f83114408e7a54d1f3072338fa6f189bf4064f
Gerrit-Change-Number: 23996
Gerrit-PatchSet: 1
Gerrit-Owner: laforge <laforge at osmocom.org>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <laforge at osmocom.org>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20210430/16cf0675/attachment.htm>


More information about the gerrit-log mailing list