Change in osmo-hnbgw[master]: hnb_read_cb(): -EBADF must be returned if conn is freed to avoid use-... - gerrit-log

1 Oct 2022

pespin has submitted this change. ( https://gerrit.osmocom.org/c/osmo-hnbgw/+/29549 )

Change subject: hnb_read_cb(): -EBADF must be returned if conn is freed to avoid
use-after-free
......................................................................

hnb_read_cb(): -EBADF must be returned if conn is freed to avoid use-after-free

Otherwise the libosmo-netif stream API may continue accessing the conn
after returning if the socket has the WRITE flag active in the same main
loop iteration.

Change-Id: I628c59a88d94d299f432f405b37fbe602381d47e
---
M src/osmo-hnbgw/hnbgw.c
1 file changed, 4 insertions(+), 3 deletions(-)

Approvals:
  Jenkins Builder: Verified
  pespin: Looks good to me, approved
  laforge: Looks good to me, but someone else must approve
  fixeria: Looks good to me, but someone else must approve

diff --git a/src/osmo-hnbgw/hnbgw.c b/src/osmo-hnbgw/hnbgw.c
index b824dd3..38d33eb 100644
--- a/src/osmo-hnbgw/hnbgw.c
+++ b/src/osmo-hnbgw/hnbgw.c
@@ -264,7 +264,7 @@
 				       "sctp_recvmsg(%s) = SCTP_COMM_LOST, closing conn\n",
 				       osmo_sock_get_name2(ofd->fd));
 				osmo_stream_srv_destroy(conn);
-				rc = -1;
+				rc = -EBADF;
 				break;
 			case SCTP_RESTART:
 				LOGHNB(hnb, DMAIN, LOGL_NOTICE, "HNB SCTP conn RESTARTed, marking as
HNBAP-unregistered\n");
@@ -277,7 +277,7 @@
 			       "sctp_recvmsg(%s) = SCTP_SHUTDOWN_EVENT, closing conn\n",
 			       osmo_sock_get_name2(ofd->fd));
 			osmo_stream_srv_destroy(conn);
-			rc = -1;
+			rc = -EBADF;
 			break;
 		}
 		goto out;
@@ -291,12 +291,13 @@
 		LOGHNB(hnb, DMAIN, LOGL_ERROR, "Error during sctp_recvmsg(%s)\n",
 		       osmo_sock_get_name2(ofd->fd));
 		osmo_stream_srv_destroy(conn);
+		rc = -EBADF;
 		goto out;
 	} else if (rc == 0) {
 		LOGHNB(hnb, DMAIN, LOGL_NOTICE, "Connection closed sctp_recvmsg(%s) = 0\n",
 		       osmo_sock_get_name2(ofd->fd));
 		osmo_stream_srv_destroy(conn);
-		rc = -1;
+		rc = -EBADF;
 		goto out;
 	} else {
 		msgb_put(msg, rc);

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-hnbgw/+/29549
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-hnbgw
Gerrit-Branch: master
Gerrit-Change-Id: I628c59a88d94d299f432f405b37fbe602381d47e
Gerrit-Change-Number: 29549
Gerrit-PatchSet: 3
Gerrit-Owner: pespin &lt;pespin(a)sysmocom.de&gt;
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria &lt;vyanitskiy(a)sysmocom.de&gt;
Gerrit-Reviewer: laforge &lt;laforge(a)osmocom.org&gt;
Gerrit-Reviewer: osmith &lt;osmith(a)sysmocom.de&gt;
Gerrit-Reviewer: pespin &lt;pespin(a)sysmocom.de&gt;
Gerrit-CC: neels &lt;nhofmeyr(a)sysmocom.de&gt;
Gerrit-MessageType: merged



    