This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
From: Pablo Neira Ayuso <pablo at gnumonks.org>

valgrind detected a use after free in the path of forward_sccp_to_bts. The 'parsed' object is referenced from update_con_authorize.

--- openbsc/src/osmo-bsc_nat/bsc_nat.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c index b9bf36c..be8d56a 100644 --- a/openbsc/src/osmo-bsc_nat/bsc_nat.c +++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c @@ -718,15 +718,18 @@ static int forward_sccp_to_bts(struct bsc_msc_connection *msc_con, struct msgb * LOGP(DNAT, LOGL_ERROR, "Unknown connection for msg type: 0x%x from the MSC.\n", parsed->sccp_type); } - talloc_free(parsed); - if (!con) + if (!con) { + talloc_free(parsed); return -1; + } if (!con->bsc->authenticated) { + talloc_free(parsed); LOGP(DNAT, LOGL_ERROR, "Selected BSC not authenticated.\n"); return -1; } update_con_authorize(con, parsed, msg); + talloc_free(parsed); bsc_send_data(con->bsc, msg->l2h, msgb_l2len(msg), proto); return 0; -- 1.7.10.4
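
Review bot: the release of 'parsed' in forward_sccp_to_bts is now repeated on three exit paths (the !con return, the !con->bsc->authenticated return, and after update_con_authorize), so any early return added later between these points will leak it. Consider a single cleanup path instead: set a return code, jump to one label that calls talloc_free(parsed), and return from there. It is also worth confirming that update_con_authorize only reads 'parsed' during the call and does not keep the pointer, since the object is freed on the very next line; a short comment above that call stating the lifetime expectation would prevent the free from being moved back above it.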