Attention is currently required from: laforge, pespin.
fixeria has posted comments on this change by fixeria. ( https://gerrit.osmocom.org/c/osmo-pcap/+/42849?usp=email )
Change subject: tls: fix broken certificate hostname verification
Patch Set 2:
(1 comment)
This change is ready for review.
File src/osmo_tls.c:
https://gerrit.osmocom.org/c/osmo-pcap/+/42849/comment/d21e1b08_994793e9?usp... : PS1, Line 529: sess->tls_hostname = client->tls_hostname;
can client be freed here somehow while sess keeps being valid and hence sess->tls_hostname ends up p […]
`struct osmo_tls_session` is a field of `struct osmo_pcap_client_conn`, not a pointer, so if the client is free()d, the inner session structure becomes heap garbage. However, use-after-free is still possible here: if the user does `no tls hostname` in the VTY while `verify_cert_cb()` is invoked asynchronously, `conn->tls_hostname` is free()d and we end up with a dangling pointer. So I added `talloc_strdup()`.
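The lifetime issue discussed in the comment above, as an added example that is not part of the review thread or of osmo-pcap: a session that borrows the configuration's hostname pointer next to one that keeps its own copy. Plain `malloc()`/`free()` stand in for talloc, and every struct and function name is hypothetical.

```c
/* Added illustration, not osmo-pcap code. malloc()/free() stand in for talloc;
 * all names are hypothetical. */
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

struct session { char *tls_hostname; bool owns_hostname; };
struct conn { char *tls_hostname; struct session sess; /* embedded, not a pointer */ };

static char *dup_str(const char *s) {
	size_t n = strlen(s) + 1;
	char *p = malloc(n);
	return p ? memcpy(p, s, n) : NULL;
}

/* Borrowing: the session aliases the configuration string. */
static void session_start_borrowed(struct conn *c) {
	c->sess = (struct session){ c->tls_hostname, false };
}

/* Owning: the session keeps a private copy with its own lifetime. */
static bool session_start_owned(struct conn *c) {
	c->sess = (struct session){ dup_str(c->tls_hostname), true };
	return c->sess.tls_hostname != NULL;
}

/* True while clearing the config would leave the session pointer dangling. */
static bool session_aliases_config(const struct conn *c) {
	return c->sess.tls_hostname && c->sess.tls_hostname == c->tls_hostname;
}

/* Models "no tls hostname": the configuration string is released. */
static void config_clear_hostname(struct conn *c) {
	free(c->tls_hostname);
	c->tls_hostname = NULL;
}

/* Models the asynchronous verify callback, which only sees the session.
 * Exact string match is a simplification of real hostname verification. */
static bool verify_peer_name(const struct session *s, const char *cert_name) {
	return s->tls_hostname && strcmp(s->tls_hostname, cert_name) == 0;
}

static void session_end(struct session *s) {
	if (s->owns_hostname)
		free(s->tls_hostname);
	s->tls_hostname = NULL;
}
```

With the borrowed variant, `session_aliases_config()` is true for the whole session, so any path that frees the configuration string must first prove that no callback is still pending.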