VTY Crash due to an assumption we are breaking

Holger Hans Peter Freyther holger at freyther.de
Tue Aug 10 20:39:44 UTC 2010


On 08/11/2010 04:24 AM, Holger Hans Peter Freyther wrote:
> Hi all,

> so the next exit command will do a double free... and the funny part is that
> the code has one assumption everything > CONFIG_NODE is considered to be
> config as well. This means that we should have two enum values in libosmovty,
> one for Last_Enable, one for Last_Config and have enough space between them.
> And the other part... maybe vty_go_parent should return CMD_SUCCESS?

Okay, the shortest sequence to make it crash is:

enable
bts 0 oml ....
enable <- first go to parent with delete
enable <- second go to parent... double delete

we also have a similar issue with the subscriber_put in the exit function...
the only fix I can think of is to move every node that frees data before the
CONFIG_NODE so we will not have the "auto fixup" code of VTY.
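
Added example, not part of the original mail and not libosmovty code: a small C model of the crash sequence above, comparing a data-owning node placed after CONFIG_NODE with one placed before it. The node ids, struct and function names are hypothetical, and the model assumes the fixup loop restores the original node when the command is not found in any parent; the second release is only counted, never executed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model; node ids and names are hypothetical, not libosmovty's. */
enum { ENABLE_NODE = 1, CONFIG_NODE = 10 };
#define OML_AFTER_CONFIG  11  /* layout in the mail: treated as a config child */
#define OML_BEFORE_CONFIG 5   /* proposed layout: fixup loop never touches it */

struct vty {
    int node;     /* current node id */
    int oml_id;   /* id given to the node that owns 'index' */
    void *index;  /* per-node data, released when the node is left */
    int frees;    /* number of release attempts on 'index' */
};

/* Leaving the OML node releases its data, as the exit handler does. */
static void go_parent(struct vty *v)
{
    if (v->node == v->oml_id && ++v->frees == 1)
        free(v->index);       /* later attempts are only counted, not executed */
    v->node = ENABLE_NODE;    /* the OML node was entered from enable */
}

/* A command no node accepts: walk up while node > CONFIG_NODE, then
 * (assumption) restore the original node because the lookup failed. */
static void run_unknown_command(struct vty *v)
{
    int onode = v->node;
    while (v->node > CONFIG_NODE)
        go_parent(v);
    v->node = onode;          /* index is now dangling if it was released */
}

/* Release attempts after typing the unknown command 'attempts' times. */
int frees_after(int oml_id, int attempts)
{
    struct vty v = { oml_id, oml_id, malloc(16), 0 };
    for (int i = 0; i < attempts; i++)
        run_unknown_command(&v);
    if (v.frees == 0)
        free(v.index);        /* never released by the fixup path: clean up */
    return v.frees;
}

int main(void)
{
    printf("OML after CONFIG_NODE:  %d release attempts\n", frees_after(OML_AFTER_CONFIG, 2));
    printf("OML before CONFIG_NODE: %d release attempts\n", frees_after(OML_BEFORE_CONFIG, 2));
    return 0;
}
```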



