[S] Change in osmo-hnbgw[master]: rab_ass_fsm.c: fix asn1 memleak when replacing GTP address

5 May 2023

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-hnbgw/+/32614 )
Change subject: rab_ass_fsm.c: fix asn1 memleak when replacing GTP address
......................................................................
rab_ass_fsm.c: fix asn1 memleak when replacing GTP address
This fix is really weird: by *removing* a FREE() call, fix a leak of the
replaced transportLayerAddress. (An in-code comment says some more.)
Also remove the other FREE() call that turns out to not be necessary.
This has been verified with a ttcn3 test that is not yet submitted,
which ensures an empty talloc_asn1_ctx at the end of every test
(osmo-ttcn3-hacks I2948ee6f167369a2252f85b493e9653b93c7e4e9 ).
Change-Id: I315d04a07b7dfd4dce26e5b5f871318e27e2bdf6
---
M src/osmo-hnbgw/ps_rab_ass_fsm.c
1 file changed, 29 insertions(+), 3 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-hnbgw refs/changes/14/32614/1

diff --git a/src/osmo-hnbgw/ps_rab_ass_fsm.c b/src/osmo-hnbgw/ps_rab_ass_fsm.c
index 464c4d0..2b7b940 100644
--- a/src/osmo-hnbgw/ps_rab_ass_fsm.c
+++ b/src/osmo-hnbgw/ps_rab_ass_fsm.c
@@ -547,7 +547,15 @@
    		return;
    	}
-		/* Replace GTP endpoint */
+		/* Replace GTP endpoint.
+		 * memory: ranap_new_transp_layer_addr() frees previous buffer in transportLayerAddress, if any. The
+		 * entire rab_item is freed along with item_ies.
+		 *
+		 * BTW, If I free this explicitly below with
+		 *   ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_BIT_STRING, &rab_item->transportLayerAddress);
+		 * that causes a leak in talloc_asn1_ctx: "iu_helpers.c:205 contains  20 bytes in  1 blocks".
+		 * I couldn't figure out why, but things are freed properly when leaving it all up to item_ies.
+		 */
    	if (ranap_new_transp_layer_addr(rab_item->transportLayerAddress, &rab->core.local.addr,
    					rab->access.use_x213_nsap) < 0) {
    		ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_RANAP_RAB_SetupOrModifiedItem, &item_ies);
@@ -564,13 +572,13 @@
teid_be = htonl(rab->core.local.teid);
    	rab_item->iuTransportAssociation->present = RANAP_IuTransportAssociation_PR_gTP_TEI;
+		/* memory: OCTET_STRING_fromBuf() frees previous buffer in gTP_TEI, if any. The entire rab_item is freed
+		 * along with item_ies. */
    	OCTET_STRING_fromBuf(&rab_item->iuTransportAssociation->choice.gTP_TEI,
    			     (const char *)&teid_be, sizeof(teid_be));
/* Reencode this list item in the RANAP message */
    	rc = ANY_fromType_aper(&list_ie->value, &asn_DEF_RANAP_RAB_SetupOrModifiedItem, rab_item);
-		ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_BIT_STRING, &rab_item->transportLayerAddress);
-		ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_OCTET_STRING, &rab_item->iuTransportAssociation->choice.gTP_TEI);
    	if (rc < 0) {
    		ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_RANAP_RAB_SetupOrModifiedItem, &item_ies);
    		LOG_PS_RAB_ASS(rab_ass, LOGL_ERROR, "Re-encoding RANAP PS RAB-AssignmentResponse failed\n");
-- 
To view, visit https://gerrit.osmocom.org/c/osmo-hnbgw/+/32614
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-hnbgw
Gerrit-Branch: master
Gerrit-Change-Id: I315d04a07b7dfd4dce26e5b5f871318e27e2bdf6
Gerrit-Change-Number: 32614
Gerrit-PatchSet: 1
Gerrit-Owner: neels nhofmeyr@sysmocom.de
Gerrit-MessageType: newchange



    

2025

2024

2023

2022

[S] Change in osmo-hnbgw[master]: rab_ass_fsm.c: fix asn1 memleak when replacing GTP address