<p>laforge has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.osmocom.org/c/libosmo-sccp/+/23996">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">Revert "osmo_ss7: free the sock_name string once an ASP socket is closed"<br><br>This reverts commit 03e3b0423443cd48f901762e36e8aa5b75c27c37.<br><br>It caused a regression, as apparently some code is using the sock_name<br>string even after the close:<br><br>DLSS7 osmo_ss7.c:1676 0: asp-asp-dyn-0: xua_srv_conn_cb(): sctp_recvmsg() returned 12 (flags=0x8080)<br>DLSS7 osmo_ss7.c:1608 0: asp-asp-dyn-0: xUA SRV SCTP NOTIFICATION 32773 flags=0x0<br>DLSS7 osmo_ss7.c:1621 0: asp-asp-dyn-0: xUA SRV SHUTDOWN_EVENT<br>DLSS7 osmo_ss7.c:1875 asp-dyn-0: connection closed<br>DLSS7 osmo_ss7.c:1881 XUA_ASP(asp-dyn-0){ASP_INACTIVE}: Received Event SCTP-COMM_DOWN.ind<br>DLSS7 xua_asp_fsm.c:669 XUA_ASP(asp-dyn-0){ASP_INACTIVE}: state_chg to ASP_DOWN<br>DLSS7 xua_asp_fsm.c:113 0: asp-asp-dyn-0: No Layer Manager, dropping M-ASP_DOWN.indication<br>DLSS7 xua_asp_fsm.c:113 0: asp-asp-dyn-0: No Layer Manager, dropping M-SCTP_RELEASE.indication<br>DLSS7 osmo_ss7.c:1442 0: asp-asp-dyn-0: Destroying ASP<br>DLSS7 osmo_ss7.c:1449 XUA_ASP(asp-dyn-0){ASP_DOWN}: Terminating (cause = OSMO_FSM_TERM_REQUEST)<br>DLSS7 osmo_ss7.c:1449 XUA_ASP(asp-dyn-0){ASP_DOWN}: Freeing instance<br>DLSS7 fsm.c:573 XUA_ASP(asp-dyn-0){ASP_DOWN}: Deallocated<br>=================================================================<br>==2928584==ERROR: AddressSanitizer: heap-use-after-free on address 0x618000004d28 at pc 0x7fd6cddeaff8 bp 0x7ffe978fbad0 sp 0x7ffe978fbac8<br>READ of size 8 at 0x618000004d28 thread T0<br>    #0 0x7fd6cddeaff7 in xua_srv_conn_closed_cb (/space/home/laforge/projects/git/libosmo-sccp/src/.libs/libosmo-sigtran.so.5+0x17bff7)<br>    #1 0x7fd6cc443d0f in osmo_stream_srv_destroy (/usr/local/lib/libosmonetif.so.8+0x7ed0f)<br>    #2 0x7fd6cdde8ce8 in xua_srv_conn_cb (/space/home/laforge/projects/git/libosmo-sccp/src/.libs/libosmo-sigtran.so.5+0x179ce8)<br>    #3 0x7fd6cc44285e in osmo_stream_srv_read (/usr/local/lib/libosmonetif.so.8+0x7d85e)<br>    #4 0x7fd6cc44331d in osmo_stream_srv_cb (/usr/local/lib/libosmonetif.so.8+0x7e31d)<br>    #5 0x7fd6cd88a1c7 in poll_disp_fds (/usr/local/lib/libosmocore.so.17+0x10d1c7)<br>    #6 0x7fd6cd88a30d in _osmo_select_main (/usr/local/lib/libosmocore.so.17+0x10d30d)<br>    #7 0x7fd6cd88a32c in osmo_select_main (/usr/local/lib/libosmocore.so.17+0x10d32c)<br>    #8 0x557aab05c078 in main /space/home/laforge/projects/git/libosmo-sccp/stp/stp_main.c:267<br>    #9 0x7fd6ccc50d09 in __libc_start_main ../csu/libc-start.c:308<br>    #10 0x557aab05b389 in _start (/space/home/laforge/projects/git/libosmo-sccp/stp/.libs/osmo-stp+0x3389)<br><br>Change-Id: I72f83114408e7a54d1f3072338fa6f189bf4064f<br>---<br>M src/osmo_ss7.c<br>1 file changed, 0 insertions(+), 8 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.osmocom.org:29418/libosmo-sccp refs/changes/96/23996/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/osmo_ss7.c b/src/osmo_ss7.c</span><br><span>index 617f6bb..6d68290 100644</span><br><span>--- a/src/osmo_ss7.c</span><br><span>+++ b/src/osmo_ss7.c</span><br><span>@@ -1759,10 +1759,6 @@</span><br><span>       osmo_fsm_inst_dispatch(asp->fi, XUA_ASP_E_SCTP_COMM_DOWN_IND, asp);</span><br><span>       /* send M-SCTP_RELEASE.ind to XUA Layer Manager */</span><br><span>   xua_asp_send_xlm_prim_simple(asp, OSMO_XLM_PRIM_M_SCTP_RELEASE, PRIM_OP_INDICATION);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-    /* no connection means no socket means no socket name */</span><br><span style="color: hsl(0, 100%, 40%);">-        talloc_free(asp->sock_name);</span><br><span style="color: hsl(0, 100%, 40%);">- asp->sock_name = NULL;</span><br><span> }</span><br><span> </span><br><span> static void xua_cli_close_and_reconnect(struct osmo_stream_cli *cli)</span><br><span>@@ -1896,10 +1892,6 @@</span><br><span>          osmo_ss7_asp_destroy(asp);</span><br><span>   }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-   /* no connection means no socket means no socket name */</span><br><span style="color: hsl(0, 100%, 40%);">-        talloc_free(asp->sock_name);</span><br><span style="color: hsl(0, 100%, 40%);">- asp->sock_name = NULL;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span>    return 0;</span><br><span> }</span><br><span> </span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/c/libosmo-sccp/+/23996">change 23996</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/c/libosmo-sccp/+/23996"/><meta itemprop="name" content="View Change"/></div></div>

<div style="display:none"> Gerrit-Project: libosmo-sccp </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: I72f83114408e7a54d1f3072338fa6f189bf4064f </div>
<div style="display:none"> Gerrit-Change-Number: 23996 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: laforge <laforge@osmocom.org> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>