[PATCH 04/13] ipaccess: improve error handling

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Pablo Neira Ayuso pablo at gnumonks.org
Thu Aug 30 02:42:21 UTC 2012


On Wed, Aug 29, 2012 at 09:30:58PM +0200, Holger Hans Peter Freyther wrote:
> On Fri, Aug 24, 2012 at 12:09:08PM +0200, Pablo Neira Ayuso wrote:
> 
> > @@ -416,20 +447,21 @@ static int handle_ts1_read(struct osmo_fd *bfd)
> >  		LOGP(DLINP, LOGL_ERROR, "Fix your application, "
> >  			"no action set for signalling messages.\n");
> >  		ret = -EINVAL;
> > -		goto err;
> > +		goto err_msg;
> >  	}
> 
> ah nice, potential memleak fix. :)
> 
> >  	if (e1i_ts->line->ops->sign_link(msg) < 0) {
> >  		LOGP(DLINP, LOGL_ERROR, "Bad signalling message,"
> >  			"sign_link returned error: %s\n",
> >  			osmo_hexdump(msgb_l2(msg), msgb_l2len(msg)));
> >  		ret = -EINVAL;
> > +		goto err;
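
Review bot: The osmo_hexdump(msgb_l2(msg), msgb_l2len(msg)) argument in the sign_link() error branch reads msg after it has already been handed to sign_link(), while the added goto err (instead of the goto err_msg used a few lines up for the no-action case) treats msg as no longer owned by this function. If the callee released the buffer before returning the error, this log line dereferences freed memory. Suggest dropping the hexdump from this branch or taking the dump before the sign_link() call, and documenting on the ops->sign_link callback whether it consumes msg on error as well as on success. Minor: the two string literals concatenate to "Bad signalling message,sign_link returned error", so a space is missing after the comma.
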
> 
> bad. but not from your code. sign_link does delete the msgb.. dumping it
> will work most of the time but is a "read after free".

Indeed. abis_[rsl|oml]_rcvmsg are usually called in the path of
->sign_link, and they are in charge of releasing the msgb.

I'm going to remove that dump and send a patch to add it to
openBSC's abis_[rsl|oml]_rcvmsg (before msgb is released).

> Acked-by: Holger Freyther <holger at freyther.de>
> 
> 
> as far as I can see.. the error paths have no leaks

Thanks for your review Holger. Will fix the thing above and push the
patchset.



