diff options
| author | Pablo Neira Ayuso <pablo@gnumonks.org> | 2013-05-12 20:50:28 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@gnumonks.org> | 2013-05-13 01:13:27 +0200 |
| commit | 0a244b40c9394ba9d48b62575c3881734529b280 (patch) | |
| tree | c9a0d76913e20ed28a00fe19e0f54281dccb01e7 /openbsc/src/osmo-bsc_nat/bsc_nat.c | |
| parent | 2177624ca998c9a35595681c1595693544357b49 (diff) | |
nat: fix use after free in forward_sccp_to_bts
valgrind detected an use after free in the path of forward_sccp_to_bts.
The 'parsed' object is referenced from update_con_authorize.
Diffstat (limited to 'openbsc/src/osmo-bsc_nat/bsc_nat.c')
| -rw-r--r-- | openbsc/src/osmo-bsc_nat/bsc_nat.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c index 049680295..27ac74766 100644 --- a/openbsc/src/osmo-bsc_nat/bsc_nat.c +++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c @@ -716,15 +716,18 @@ static int forward_sccp_to_bts(struct bsc_msc_connection *msc_con, struct msgb * LOGP(DNAT, LOGL_ERROR, "Unknown connection for msg type: 0x%x from the MSC.\n", parsed->sccp_type); } - talloc_free(parsed); - if (!con) + if (!con) { + talloc_free(parsed); return -1; + } if (!con->bsc->authenticated) { + talloc_free(parsed); LOGP(DNAT, LOGL_ERROR, "Selected BSC not authenticated.\n"); return -1; } update_con_authorize(con, parsed, msg); + talloc_free(parsed); bsc_send_data(con->bsc, msg->l2h, msgb_l2len(msg), proto); return 0; |