summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHarald Welte <laforge@gnumonks.org>2012-07-13 15:21:36 +0200
committerHarald Welte <laforge@gnumonks.org>2012-07-13 15:23:13 +0200
commit614771704c4eacc5d9ccdf415e4d0999e745f58b (patch)
tree0f7fbe85f1241c730f0f9a582c41e2245173a337
parent05440212585b05e0ebc649c276c7634603fbe9e9 (diff)
ganc: fix free() order between osmo_conn and gan_peer
-rw-r--r--openbsc/src/osmo-ganc/ganc_server.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/openbsc/src/osmo-ganc/ganc_server.c b/openbsc/src/osmo-ganc/ganc_server.c
index b568965..ef29a6e 100644
--- a/openbsc/src/osmo-ganc/ganc_server.c
+++ b/openbsc/src/osmo-ganc/ganc_server.c
@@ -66,18 +66,20 @@ static struct gan_peer *gan_peer_by_imsi_f(const char *imsi, uint32_t flag)
/* destroy a peer, including anything that may hang off it */
static void gan_peer_destroy(struct gan_peer *peer)
{
+ struct osmo_conn *conn = peer->conn;
+
if (!peer)
return;
osmo_timer_del(&peer->keepalive_timer);
llist_del(&peer->entry);
- if (peer->conn) {
- osmo_conn_close(peer->conn);
- peer->conn = NULL;
- }
-
talloc_free(peer);
+
+ /* we can only free conn after peer, as peer is a sub-object of
+ * ocnn in the talloc hierarchical allocator */
+ if (conn)
+ osmo_conn_close(peer->conn);
}
static struct msgb *unc_msgb_alloc(void)
@@ -334,6 +336,8 @@ static int rx_rc_register_req(struct gan_peer *peer, struct msgb *msg,
if (TLVP_PRESENT(tp, GA_IE_MI)) {
struct gan_peer *stale_peer;
char imsi[sizeof(peer->imsi)];
+
+ memset(imsi, 0, sizeof(imsi));
gsm48_mi_to_string(imsi, sizeof(imsi),
TLVP_VAL(tp, GA_IE_MI), TLVP_LEN(tp, GA_IE_MI));
printf("\tfrom %s\n", imsi);