Change in libosmocore[master]: ns2_fr: Fix heap-use-after-free in error recovery path

historical

laforge has uploaded this change for review. ( https://gerrit.osmocom.org/c/libosmocore/+/22850 )


Change subject: ns2_fr: Fix heap-use-after-free in error recovery path
......................................................................

ns2_fr: Fix heap-use-after-free in error recovery path

<0026> gprs_ns2_fr.c:515 BIND(hdlcnet1) Can not create AF_PACKET socket. Are you root or have CAP_NET_RAW?
=================================================================
==3872359==ERROR: AddressSanitizer: heap-use-after-free on address 0x6130000030c0 at pc 0x7fef120aa92e bp 0x7ffebf6b5c20 sp 0x7ffebf6b5c18
READ of size 8 at 0x6130000030c0 thread T0
    #0 0x7fef120aa92d in osmo_fr_link_free (/usr/local/lib/libosmogb.so.11+0x16992d)
    #1 0x7fef1205105a in free_bind (/usr/local/lib/libosmogb.so.11+0x11005a)

Change-Id: I23c0f1697edd5734085fa18b0a2f253c0f206c53
---
M src/gb/gprs_ns2_fr.c
1 file changed, 1 insertion(+), 0 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/50/22850/1

diff --git a/src/gb/gprs_ns2_fr.c b/src/gb/gprs_ns2_fr.c
index 2df5986..7e6db2a 100644
--- a/src/gb/gprs_ns2_fr.c
+++ b/src/gb/gprs_ns2_fr.c
@@ -863,6 +863,7 @@
 	close(priv->backlog.ofd.fd);
 err_fr:
 	osmo_fr_link_free(fr_link);
+	priv->link = NULL;
 err_bind:
 	gprs_ns2_free_bind(bind);
 

-- 
To view, visit https://gerrit.osmocom.org/c/libosmocore/+/22850
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: I23c0f1697edd5734085fa18b0a2f253c0f206c53
Gerrit-Change-Number: 22850
Gerrit-PatchSet: 1
Gerrit-Owner: laforge <laforge at osmocom.org>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20210211/82aa9af3/attachment.htm>
