summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHolger Hans Peter Freyther <holger@moiji-mobile.com>2013-07-30 08:45:29 +0200
committerHolger Hans Peter Freyther <holger@moiji-mobile.com>2013-07-31 14:57:21 +0200
commit598e7b3cdf2d5b40ddb0081df72b413139cf0b71 (patch)
tree7df6a9ab8e3350aee39a0f027d5be834c834d1fa
parent92aa6bb9dc7b74a3b36a850012334d4ad3971a9b (diff)
gprs_sgsn: In case of a Activate PDP Context timeout we should free pdp
In case of a failure this method didn't set the pctx->lib back to NULL. In case of a timeout the callback will be made with pdp=NULL and this would lead to leaking the PDP context. Check for the case of having a pctx->lib != pdp and free it. This resolves: <000f> gprs_sgsn.c:259 freeing PDP context that still has a libgtp handle attached to it, this shouldn't happen!
-rw-r--r--openbsc/src/gprs/sgsn_libgtp.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/openbsc/src/gprs/sgsn_libgtp.c b/openbsc/src/gprs/sgsn_libgtp.c
index f2eb35d..db7b49e 100644
--- a/openbsc/src/gprs/sgsn_libgtp.c
+++ b/openbsc/src/gprs/sgsn_libgtp.c
@@ -291,7 +291,16 @@ static int create_pdp_conf(struct pdp_t *pdp, void *cbp, int cause)
return gsm48_tx_gsm_act_pdp_acc(pctx);
reject:
+ /*
+ * In case of a timeout pdp will be NULL but we have a valid pointer
+ * in pctx->lib. For other rejects pctx->lib and pdp might be the
+ * same.
+ */
pctx->state = PDP_STATE_NONE;
+ if (pctx->lib && pctx->lib != pdp)
+ pdp_freepdp(pctx->lib);
+ pctx->lib = NULL;
+
if (pdp)
pdp_freepdp(pdp);
/* Send PDP CTX ACT REJ to MS */