This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
dexter gerrit-no-reply at lists.osmocom.orgReview at https://gerrit.osmocom.org/3889 a_iface: fix memory leaks Fix multiple memory leaske in A/BSSMAP code Change-Id: I90703c96e6a266a1cfa60b184139375aeb9ae32d --- M include/osmocom/msc/a_iface.h M src/libmsc/a_iface.c M src/libmsc/a_iface_bssap.c M src/libmsc/msc_ifaces.c 4 files changed, 22 insertions(+), 10 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/89/3889/1 diff --git a/include/osmocom/msc/a_iface.h b/include/osmocom/msc/a_iface.h index a49ede2..32003eb 100644 --- a/include/osmocom/msc/a_iface.h +++ b/include/osmocom/msc/a_iface.h @@ -51,7 +51,7 @@ /* Initalize A interface connection between to MSC and BSC */ int a_init(struct osmo_sccp_instance *sccp, struct gsm_network *network); -/* Send DTAP message via A-interface */ +/* Send DTAP message via A-interface, take ownership of msg */ int a_iface_tx_dtap(struct msgb *msg); /* Send Cipher mode command via A-interface */ diff --git a/src/libmsc/a_iface.c b/src/libmsc/a_iface.c index 7a6000a..528b959 100644 --- a/src/libmsc/a_iface.c +++ b/src/libmsc/a_iface.c @@ -127,7 +127,7 @@ return NULL; } -/* Send DTAP message via A-interface */ +/* Send DTAP message via A-interface, take ownership of msg */ int a_iface_tx_dtap(struct msgb *msg) { struct gsm_subscriber_connection *conn; @@ -144,13 +144,20 @@ msg->l3h = msg->data; msg_resp = gsm0808_create_dtap(msg, link_id); + if (!msg_resp) { LOGP(DMSC, LOGL_ERROR, "Unable to generate BSSMAP DTAP message!\n"); + msgb_free(msg); return -EINVAL; } else LOGP(DMSC, LOGL_DEBUG, "Massage will be sent as BSSMAP DTAP message!\n"); + /* gsm0808_create_dtap() has copied the data to msg_resp, + * so msg has served its purpose now */ + msgb_free(msg); + LOGP(DMSC, LOGL_DEBUG, "N-DATA.req(%u, %s)\n", conn->a.conn_id, osmo_hexdump(msg_resp->data, msg_resp->len)); + /* osmo_sccp_tx_data_msg() takes ownership of msg_resp */ return osmo_sccp_tx_data_msg(conn->a.scu, conn->a.conn_id, msg_resp); } diff --git a/src/libmsc/a_iface_bssap.c b/src/libmsc/a_iface_bssap.c index 1cd6723..16962e7 100644 --- a/src/libmsc/a_iface_bssap.c +++ b/src/libmsc/a_iface_bssap.c @@ -150,6 +150,7 @@ if (msgb_l3len(msg) < 1) { LOGP(DMSC, LOGL_NOTICE, "Error: No data received -- discarding message!\n"); + msgb_free(msg); return; } @@ -327,17 +328,17 @@ conn = subscr_conn_allocate_a(a_conn_info, network, lac, scu, a_conn_info->conn_id); /* Handover location update to the MSC code */ - /* msc_compl_l3() takes ownership of dtap_msg - * message buffer */ rc = msc_compl_l3(conn, msg, 0); if (rc == MSC_CONN_ACCEPT) { LOGP(DMSC, LOGL_NOTICE, "User has been accepted by MSC.\n"); + msgb_free(msg); return 0; } else if (rc == MSC_CONN_REJECT) LOGP(DMSC, LOGL_NOTICE, "User has been rejected by MSC.\n"); else LOGP(DMSC, LOGL_NOTICE, "User has been rejected by MSC (unknown error)\n"); + msgb_free(msg); return -EINVAL; fail: @@ -423,9 +424,9 @@ msg = NULL; } - /* Hand over cipher mode complete message to the MSC, - * msc_cipher_mode_compl() takes ownership for msg */ + /* Hand over cipher mode complete message to the MSC */ msc_cipher_mode_compl(conn, msg, alg_id); + msgb_free(msg); return 0; fail: @@ -677,9 +678,9 @@ /* msc_dtap expects the dtap payload in l3h */ msg->l3h = msg->l2h + 3; - /* Forward dtap payload into the msc, - * msc_dtap() takes ownership for msg */ + /* Forward dtap payload into the msc */ msc_dtap(conn, conn->a.conn_id, msg); + msgb_free(msg); return 0; } @@ -696,6 +697,7 @@ if (msgb_l2len(msg) < sizeof(struct bssmap_header)) { LOGP(DMSC, LOGL_NOTICE, "The header is too short -- discarding message!\n"); msgb_free(msg); + return -EINVAL; } switch (msg->l2h[0]) { diff --git a/src/libmsc/msc_ifaces.c b/src/libmsc/msc_ifaces.c index b191e0d..83a6dee 100644 --- a/src/libmsc/msc_ifaces.c +++ b/src/libmsc/msc_ifaces.c @@ -44,10 +44,12 @@ static int msc_tx(struct gsm_subscriber_connection *conn, struct msgb *msg) { - if (!conn) - return -EINVAL; if (!msg) return -EINVAL; + if (!conn) { + msgb_free(msg); + return -EINVAL; + } DEBUGP(DMSC, "msc_tx %u bytes to %s via %s\n", msg->len, vlr_subscr_name(conn->vsub), @@ -65,6 +67,7 @@ LOGP(DMSC, LOGL_ERROR, "msc_tx(): conn->via_ran invalid (%d)\n", conn->via_ran); + msgb_free(msg); return -1; } } -- To view, visit https://gerrit.osmocom.org/3889 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I90703c96e6a266a1cfa60b184139375aeb9ae32d Gerrit-PatchSet: 1 Gerrit-Project: osmo-msc Gerrit-Branch: master Gerrit-Owner: dexter <pmaier at sysmocom.de>