pespin submitted this change.

3 is the latest approved patch-set.
No files were changed between the latest approved patch-set and the submitted one.

Approvals:
  Jenkins Builder: Verified
  laforge: Looks good to me, approved
  osmith: Looks good to me, but someone else must approve

ps_rab_ass_fsm: Fix potential use-after-free if Tx RAB-ASS-RESP over SCCP fails

ps_rab_ass_failure() is already calling
osmo_fsm_inst_term(rab_ass->fi), which will free "fi" and its child
talloc struct "rab_ass".
Hence, return early as done everywhere else in order to avoid accessing
the struct again.

Change-Id: Id605f2b279a4d886399de27f6a94622ad7bf982b
---
M src/osmo-hnbgw/ps_rab_ass_fsm.c
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/osmo-hnbgw/ps_rab_ass_fsm.c b/src/osmo-hnbgw/ps_rab_ass_fsm.c
index 68bf58a..0e0971e 100644
--- a/src/osmo-hnbgw/ps_rab_ass_fsm.c
+++ b/src/osmo-hnbgw/ps_rab_ass_fsm.c
@@ -601,8 +601,8 @@
if (rc < 0) {
LOG_PS_RAB_ASS(rab_ass, LOGL_ERROR, "Sending RANAP PS RAB-AssignmentResponse failed\n");
ps_rab_ass_failure(rab_ass);
+ return;
}
-
/* The request message has been forwarded. We are done. */
osmo_fsm_inst_term(rab_ass->fi, OSMO_FSM_TERM_REGULAR, NULL);
}
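
Review bot: The added `return;` after `ps_rab_ass_failure(rab_ass);` in the `if (rc < 0)` branch has no comment, and nothing at the call site shows that `rab_ass` is invalid once that call returns. The commit message explains that ps_rab_ass_failure() terminates the FSM and frees "fi" together with its talloc child "rab_ass", so a short comment on the line above the return, for example `/* rab_ass was freed by ps_rab_ass_failure() */`, would keep a later refactor from reintroducing the `rab_ass->fi` access that follows. The blank line removed before the "The request message has been forwarded" comment is unrelated to the fix and could be left as it was.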


Gerrit-MessageType: merged
Gerrit-Project: osmo-hnbgw
Gerrit-Branch: master
Gerrit-Change-Id: Id605f2b279a4d886399de27f6a94622ad7bf982b
Gerrit-Change-Number: 40276
Gerrit-PatchSet: 4
Gerrit-Owner: pespin <pespin@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <laforge@osmocom.org>
Gerrit-Reviewer: osmith <osmith@sysmocom.de>
Gerrit-Reviewer: pespin <pespin@sysmocom.de>