From 598e7b3cdf2d5b40ddb0081df72b413139cf0b71 Mon Sep 17 00:00:00 2001
From: Holger Hans Peter Freyther
Date: Tue, 30 Jul 2013 08:45:29 +0200
Subject: gprs_sgsn: In case of a Activate PDP Context timeout we should free pdp In case of a failure this method didn't set the pctx->lib back to NULL. In case of a timeout the callback will be made with pdp=NULL and this would lead to leaking the PDP context. Check for the case of having a pctx->lib != pdp and free it. This resolves: <000f> gprs_sgsn.c:259 freeing PDP context that still has a libgtp handle attached to it, this shouldn't happen!
---
openbsc/src/gprs/sgsn_libgtp.c | 9 +++++++++
1 file changed, 9 insertions(+)
(limited to 'openbsc/src/gprs/sgsn_libgtp.c')
diff --git a/openbsc/src/gprs/sgsn_libgtp.c b/openbsc/src/gprs/sgsn_libgtp.c
index f2eb35d2c..db7b49e22 100644
--- a/openbsc/src/gprs/sgsn_libgtp.c
+++ b/openbsc/src/gprs/sgsn_libgtp.c
@@ -291,7 +291,16 @@ static int create_pdp_conf(struct pdp_t *pdp, void *cbp, int cause)
 return gsm48_tx_gsm_act_pdp_acc(pctx);
 reject:
+ /*
+ * In case of a timeout pdp will be NULL but we have a valid pointer
+ * in pctx->lib. For other rejects pctx->lib and pdp might be the
+ * same.
+ */
 pctx->state = PDP_STATE_NONE;
+ if (pctx->lib && pctx->lib != pdp)
+ pdp_freepdp(pctx->lib);
+ pctx->lib = NULL;
+
 if (pdp)
 pdp_freepdp(pdp);
 /* Send PDP CTX ACT REJ to MS */
--
cgit v1.2.3
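Review bot: The reject path in create_pdp_conf now releases memory through two pointers, `pctx->lib` and `pdp`, but the new comment covers only two of the three cases, `pdp == NULL` (timeout) and `pctx->lib == pdp`. When both are non-NULL and differ, both libgtp contexts are freed, and nothing in the hunk shows whether that case can occur or whether the second handle belongs to this `pctx`; if it belongs to another context, that context could be left holding a dangling handle, so the mismatch deserves at least a log line. I would move the comment directly above the `if (pctx->lib && pctx->lib != pdp)` it explains and add a line such as `/* pdp != NULL && pdp != pctx->lib is unexpected: both handles are released */`. The return value of `pdp_freepdp()` is ignored on both calls, which looks deliberate but is not stated. The function begins and ends outside the hunk, so how `pctx` is obtained from `cbp` and whether it is still live when the timeout fires cannot be checked from here.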