Change in osmo-pcu[master]: NACC: Fix crash freeing struct if CTRL conn was refused during alloc

pespin gerrit-no-reply at lists.osmocom.org
Fri Jan 29 14:04:59 UTC 2021


pespin has submitted this change. ( https://gerrit.osmocom.org/c/osmo-pcu/+/22489 )

Change subject: NACC: Fix crash freeing struct if CTRL conn was refused during alloc
......................................................................

NACC: Fix crash freeing struct if CTRL conn was refused during alloc

Older versions of osmo_ctrl_conn_alloc() may not properly initialize
write_queue.bfd.fd to -1, which means if osmo_sock_init2_ofd() failed
during nacc_fsm_alloc(), the destructor would wrongly enter the condition
where the whole structure is set and unregister the unregistered fd.

Related: libosmocore Change-Id I98f744d2880fbb883719cdf1d3eb31f2b22a13b6
Related: SYS#4909
Change-Id: I253bd9087b1f7ab039aa1127e9dc586f5106905a
---
M src/nacc_fsm.c
1 file changed, 3 insertions(+), 0 deletions(-)

Approvals:
  Jenkins Builder: Verified
  laforge: Looks good to me, approved
  fixeria: Looks good to me, but someone else must approve



diff --git a/src/nacc_fsm.c b/src/nacc_fsm.c
index 0a20ae6..b8350a6 100644
--- a/src/nacc_fsm.c
+++ b/src/nacc_fsm.c
@@ -623,6 +623,9 @@
 	ctx->neigh_ctrl_conn = osmo_ctrl_conn_alloc(ctx, ctx->neigh_ctrl);
 	if (!ctx->neigh_ctrl_conn)
 		goto free_ret;
+	/* Older versions of osmo_ctrl_conn_alloc didn't properly initialize fd to -1,
+	 * so make sure to do it here otherwise fd may be valid fd 0 and cause trouble */
+	ctx->neigh_ctrl_conn->write_queue.bfd.fd = -1;
 	llist_add(&ctx->neigh_ctrl_conn->list_entry, &ctx->neigh_ctrl->ccon_list);
 
 	rc = osmo_sock_init2_ofd(&ctx->neigh_ctrl_conn->write_queue.bfd,
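
Review bot: The workaround comment above the `ctx->neigh_ctrl_conn->write_queue.bfd.fd = -1;` assignment does not say which libosmocore fix makes it redundant, so it will be hard to tell later when the line can be dropped. Consider naming the related libosmocore change from the commit message (I98f744d2880fbb883719cdf1d3eb31f2b22a13b6) in the comment and noting that the assignment can go once a libosmocore release containing it is the minimum dependency. The placement is fine: the assignment comes after the NULL check and before `llist_add()` and `osmo_sock_init2_ofd()`, so a failure in the socket setup is handled with fd already at -1 rather than 0, which is the case the commit message describes.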

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-pcu/+/22489
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-pcu
Gerrit-Branch: master
Gerrit-Change-Id: I253bd9087b1f7ab039aa1127e9dc586f5106905a
Gerrit-Change-Number: 22489
Gerrit-PatchSet: 2
Gerrit-Owner: pespin <pespin at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: daniel <dwillmann at sysmocom.de>
Gerrit-Reviewer: fixeria <vyanitskiy at sysmocom.de>
Gerrit-Reviewer: laforge <laforge at osmocom.org>
Gerrit-Reviewer: osmith <osmith at sysmocom.de>
Gerrit-Reviewer: pespin <pespin at sysmocom.de>
Gerrit-MessageType: merged