<p>fixeria has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.osmocom.org/c/osmo-mgw/+/18880">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">libosmo-mgcp-client: fix use-after-free in mgcp_client_tx()<br><br>This function calls mgcp_client_pending_add(), that in its turn<br>allocates a 'mgcp_response_pending' and appends it to the queue.<br><br>In case of an error, it calls mgcp_client_handle_response() that<br>would free the 'mgcp_response_pending', but this structure would<br>still remain in the linked list (the queue).<br><br>Change-Id: Id94bb93a6b0ea7b7241cf7868112e9bec3e60f0b<br>---<br>M src/libosmo-mgcp-client/mgcp_client.c<br>1 file changed, 2 insertions(+), 0 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.osmocom.org:29418/osmo-mgw refs/changes/80/18880/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/libosmo-mgcp-client/mgcp_client.c b/src/libosmo-mgcp-client/mgcp_client.c</span><br><span>index 74bdf4d..e9b3ec0 100644</span><br><span>--- a/src/libosmo-mgcp-client/mgcp_client.c</span><br><span>+++ b/src/libosmo-mgcp-client/mgcp_client.c</span><br><span>@@ -959,6 +959,8 @@</span><br><span>        return 0;</span><br><span> </span><br><span> mgcp_tx_error:</span><br><span style="color: hsl(120, 100%, 40%);">+       /* Dequeue pending response, it's going to be free()d */</span><br><span style="color: hsl(120, 100%, 40%);">+  llist_del(&pending->entry);</span><br><span>   /* Pass NULL to response cb to indicate an error */</span><br><span>  mgcp_client_handle_response(mgcp, pending, NULL);</span><br><span>    return -1;</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/c/osmo-mgw/+/18880">change 18880</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/c/osmo-mgw/+/18880"/><meta itemprop="name" content="View Change"/></div></div>

<div style="display:none"> Gerrit-Project: osmo-mgw </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: Id94bb93a6b0ea7b7241cf7868112e9bec3e60f0b </div>
<div style="display:none"> Gerrit-Change-Number: 18880 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: fixeria <vyanitskiy@sysmocom.de> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>