From: Holger Hans Peter Freyther holger@moiji-mobile.com
In case the subscriber is currently busy we would omit the subscr_put. This seems to be very hard to hit as the subscr need to be active and at the same time be selected for the purge operation. --- openbsc/src/libmsc/gsm_subscriber.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/openbsc/src/libmsc/gsm_subscriber.c b/openbsc/src/libmsc/gsm_subscriber.c index 4559de5..085acb1 100644 --- a/openbsc/src/libmsc/gsm_subscriber.c +++ b/openbsc/src/libmsc/gsm_subscriber.c @@ -353,6 +353,7 @@ static void subscr_expire_callback(void *data, long long unsigned int id) LOGP(DMM, LOGL_DEBUG, "Not expiring subscriber %s (ID %llu)\n", subscr_name(s), id); subscr_update_expire_lu(s, conn->bts); + subscr_put(s); return; }
From: Holger Hans Peter Freyther holger@moiji-mobile.com
In case the SMPP payload didn't include the right fields we would leak the subscr reference count. --- openbsc/src/libmsc/smpp_openbsc.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/openbsc/src/libmsc/smpp_openbsc.c b/openbsc/src/libmsc/smpp_openbsc.c index 057a9d0..a2fa0f4 100644 --- a/openbsc/src/libmsc/smpp_openbsc.c +++ b/openbsc/src/libmsc/smpp_openbsc.c @@ -110,6 +110,7 @@ static int submit_to_sms(struct gsm_sms **psms, struct gsm_network *net, /* ERROR: we cannot have both! */ LOGP(DLSMS, LOGL_ERROR, "SMPP Cannot have payload in " "TLV _and_ in the header\n"); + subscr_put(dest); return ESME_ROPTPARNOTALLWD; } sms_msg = t->value.octet; @@ -120,6 +121,7 @@ static int submit_to_sms(struct gsm_sms **psms, struct gsm_network *net, } else { LOGP(DLSMS, LOGL_ERROR, "SMPP neither message payload nor valid sm_length.\n"); + subscr_put(dest); return ESME_RINVPARLEN; }
-
Holger Hans Peter Freyther