laforge gerrit-no-reply at lists.osmocom.org

laforge has uploaded this change for review. ( https://gerrit.osmocom.org/c/libosmocore/+/22849 )

Change subject: ns2_fr: Fix null pointer deref in error path
......................................................................

ns2_fr: Fix null pointer deref in error path

The following happens if osmo-gbproxy is started without CAP_NET_RAW:

<0026> gprs_ns2_fr.c:515 BIND(hdlcnet1) Can not create AF_PACKET socket. Are you root or have CAP_NET_RAW?
gprs_ns2_fr.c:176:2: runtime error: member access within null pointer of type 'struct msgb'
AddressSanitizer:DEADLYSIGNAL

the second line is free_bind() iterating over the backlog while
destroying the not-yet-fully-initialized bind.

Let's make sure the backlog llist_head is always initialized properly.

Change-Id: I4d2fa50955c5897cd469fee68d4ddc65a9f5688f
---
M src/gb/gprs_ns2_fr.c
1 file changed, 1 insertion(+), 1 deletion(-)

git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/49/22849/1

diff --git a/src/gb/gprs_ns2_fr.c b/src/gb/gprs_ns2_fr.c index 93b7759..2df5986 100644 --- a/src/gb/gprs_ns2_fr.c +++ b/src/gb/gprs_ns2_fr.c @@ -807,6 +807,7 @@ goto err_bind; } + INIT_LLIST_HEAD(&priv->backlog.list); OSMO_STRLCPY_ARRAY(priv->netif, netif); /* FIXME: move fd handling into socket.c */ 
@@ -836,7 +837,6 @@ rc = open_socket(priv->ifindex, bind); if (rc < 0) goto err_fr; - INIT_LLIST_HEAD(&priv->backlog.list); priv->backlog.retry_us = 2500; /* start with some non-zero value; this corrsponds to 496 bytes */ osmo_timer_setup(&priv->backlog.timer, fr_backlog_timer_cb, bind); osmo_fd_setup(&priv->backlog.ofd, rc, OSMO_FD_READ, fr_netif_ofd_cb, bind, 0);

--
To view, visit https://gerrit.osmocom.org/c/libosmocore/+/22849
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: I4d2fa50955c5897cd469fee68d4ddc65a9f5688f
Gerrit-Change-Number: 22849
Gerrit-PatchSet: 1
Gerrit-Owner: laforge <laforge at osmocom.org>
Gerrit-MessageType: newchange
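
Review bot: In the first hunk (@@ -807,6 +807,7 @@), the added INIT_LLIST_HEAD(&priv->backlog.list) now carries an ordering requirement that nothing in the code states: per the commit message it must run before any error exit that ends in free_bind(), because free_bind() walks the backlog. A one-line comment above it saying so would keep a later cleanup from moving it back down next to the rest of the backlog setup, which is where it was.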
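
Review bot: In the second hunk (@@ -836,7 +837,6 @@), osmo_timer_setup(&priv->backlog.timer, ...) and osmo_fd_setup(&priv->backlog.ofd, ...) still run only after open_socket() has succeeded, so on the goto err_fr path the timer and the ofd are in the same not-yet-initialized state the list head was in before this change. If the teardown also deletes the timer or closes or unregisters the ofd, please confirm that is safe on an untouched priv; otherwise consider moving osmo_timer_setup() up next to the list init and setting priv->backlog.ofd.fd to -1 there, so the error path can tell that no socket was opened.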