diff options
| author | Harald Welte <laforge@osmocom.org> | 2021-04-30 15:50:16 +0200 |
|---|---|---|
| committer | Harald Welte <laforge@osmocom.org> | 2021-04-30 15:51:22 +0200 |
| commit | c288852320dd09b3511396729c4f5d05c5c04cee (patch) | |
| tree | 4adc2daa036082597f94e626b3ffccb05a2ccbdc | |
| parent | 03e3b0423443cd48f901762e36e8aa5b75c27c37 (diff) | |
Revert "osmo_ss7: free the sock_name string once an ASP socket is closed"2021q1
This reverts commit 03e3b0423443cd48f901762e36e8aa5b75c27c37.
It caused a regression, as apparently some code is using the sock_name
string even after the close:
DLSS7 osmo_ss7.c:1676 0: asp-asp-dyn-0: xua_srv_conn_cb(): sctp_recvmsg() returned 12 (flags=0x8080)
DLSS7 osmo_ss7.c:1608 0: asp-asp-dyn-0: xUA SRV SCTP NOTIFICATION 32773 flags=0x0
DLSS7 osmo_ss7.c:1621 0: asp-asp-dyn-0: xUA SRV SHUTDOWN_EVENT
DLSS7 osmo_ss7.c:1875 asp-dyn-0: connection closed
DLSS7 osmo_ss7.c:1881 XUA_ASP(asp-dyn-0){ASP_INACTIVE}: Received Event SCTP-COMM_DOWN.ind
DLSS7 xua_asp_fsm.c:669 XUA_ASP(asp-dyn-0){ASP_INACTIVE}: state_chg to ASP_DOWN
DLSS7 xua_asp_fsm.c:113 0: asp-asp-dyn-0: No Layer Manager, dropping M-ASP_DOWN.indication
DLSS7 xua_asp_fsm.c:113 0: asp-asp-dyn-0: No Layer Manager, dropping M-SCTP_RELEASE.indication
DLSS7 osmo_ss7.c:1442 0: asp-asp-dyn-0: Destroying ASP
DLSS7 osmo_ss7.c:1449 XUA_ASP(asp-dyn-0){ASP_DOWN}: Terminating (cause = OSMO_FSM_TERM_REQUEST)
DLSS7 osmo_ss7.c:1449 XUA_ASP(asp-dyn-0){ASP_DOWN}: Freeing instance
DLSS7 fsm.c:573 XUA_ASP(asp-dyn-0){ASP_DOWN}: Deallocated
=================================================================
==2928584==ERROR: AddressSanitizer: heap-use-after-free on address 0x618000004d28 at pc 0x7fd6cddeaff8 bp 0x7ffe978fbad0 sp 0x7ffe978fbac8
READ of size 8 at 0x618000004d28 thread T0
#0 0x7fd6cddeaff7 in xua_srv_conn_closed_cb (/space/home/laforge/projects/git/libosmo-sccp/src/.libs/libosmo-sigtran.so.5+0x17bff7)
#1 0x7fd6cc443d0f in osmo_stream_srv_destroy (/usr/local/lib/libosmonetif.so.8+0x7ed0f)
#2 0x7fd6cdde8ce8 in xua_srv_conn_cb (/space/home/laforge/projects/git/libosmo-sccp/src/.libs/libosmo-sigtran.so.5+0x179ce8)
#3 0x7fd6cc44285e in osmo_stream_srv_read (/usr/local/lib/libosmonetif.so.8+0x7d85e)
#4 0x7fd6cc44331d in osmo_stream_srv_cb (/usr/local/lib/libosmonetif.so.8+0x7e31d)
#5 0x7fd6cd88a1c7 in poll_disp_fds (/usr/local/lib/libosmocore.so.17+0x10d1c7)
#6 0x7fd6cd88a30d in _osmo_select_main (/usr/local/lib/libosmocore.so.17+0x10d30d)
#7 0x7fd6cd88a32c in osmo_select_main (/usr/local/lib/libosmocore.so.17+0x10d32c)
#8 0x557aab05c078 in main /space/home/laforge/projects/git/libosmo-sccp/stp/stp_main.c:267
#9 0x7fd6ccc50d09 in __libc_start_main ../csu/libc-start.c:308
#10 0x557aab05b389 in _start (/space/home/laforge/projects/git/libosmo-sccp/stp/.libs/osmo-stp+0x3389)
Change-Id: I72f83114408e7a54d1f3072338fa6f189bf4064f
| -rw-r--r-- | src/osmo_ss7.c | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/src/osmo_ss7.c b/src/osmo_ss7.c index 617f6bb..6d68290 100644 --- a/src/osmo_ss7.c +++ b/src/osmo_ss7.c @@ -1759,10 +1759,6 @@ static void xua_cli_close(struct osmo_stream_cli *cli) osmo_fsm_inst_dispatch(asp->fi, XUA_ASP_E_SCTP_COMM_DOWN_IND, asp); /* send M-SCTP_RELEASE.ind to XUA Layer Manager */ xua_asp_send_xlm_prim_simple(asp, OSMO_XLM_PRIM_M_SCTP_RELEASE, PRIM_OP_INDICATION); - - /* no connection means no socket means no socket name */ - talloc_free(asp->sock_name); - asp->sock_name = NULL; } static void xua_cli_close_and_reconnect(struct osmo_stream_cli *cli) @@ -1896,10 +1892,6 @@ static int xua_srv_conn_closed_cb(struct osmo_stream_srv *srv) osmo_ss7_asp_destroy(asp); } - /* no connection means no socket means no socket name */ - talloc_free(asp->sock_name); - asp->sock_name = NULL; - return 0; } |