[S] Change in libosmo-netif[master]: ipa-stream-server: Return -EBADF in read_cb after osmo_stream_srv_des... - gerrit-log

31 May 2023

laforge has submitted this change. ( https://gerrit.osmocom.org/c/libosmo-netif/+/33104 )
Change subject: ipa-stream-server: Return -EBADF in read_cb after osmo_stream_srv_destroy()
......................................................................
ipa-stream-server: Return -EBADF in read_cb after osmo_stream_srv_destroy()
This fixes a potential heap-use-after-free error.
When there is still data to be written the osmo_stream_srv_cb() will
call osmo_stream_srv_write() which will try to dereference conn even
though it has already been freed.
Change-Id: I5ac1920b8d4ce3b0205f00d253e7ed878fb745e3
---
M examples/ipa-stream-server.c
1 file changed, 16 insertions(+), 1 deletion(-)
Approvals:
  Jenkins Builder: Verified
  laforge: Looks good to me, approved

diff --git a/examples/ipa-stream-server.c b/examples/ipa-stream-server.c
index c311697..1ca1aaf 100644
--- a/examples/ipa-stream-server.c
+++ b/examples/ipa-stream-server.c
@@ -1,4 +1,5 @@
 /* IPA stream srv example */
+#include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -61,7 +62,7 @@
    	LOGP(DSTREAMTEST, LOGL_ERROR, "cannot receive message\n");
    	osmo_stream_srv_destroy(conn);
    	msgb_free(msg);
-		return 0;
+		return -EBADF;
    }
    if (osmo_ipa_process_msg(msg) < 0) {
    	LOGP(DSTREAMTEST, LOGL_ERROR, "Bad IPA message\n");
-- 
To view, visit https://gerrit.osmocom.org/c/libosmo-netif/+/33104
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: libosmo-netif
Gerrit-Branch: master
Gerrit-Change-Id: I5ac1920b8d4ce3b0205f00d253e7ed878fb745e3
Gerrit-Change-Number: 33104
Gerrit-PatchSet: 2
Gerrit-Owner: daniel dwillmann@sysmocom.de
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge laforge@osmocom.org
Gerrit-Reviewer: pespin pespin@sysmocom.de
Gerrit-MessageType: merged



    