author | Vadim Yanitskiy <axilirator@gmail.com> | 2019-05-10 02:44:57 +0700 |
---|---|---|
committer | Vadim Yanitskiy <axilirator@gmail.com> | 2019-05-10 02:56:07 +0700 |
commit | 53d3e0e54a6d9fe4356c6076cb8d064fba3b4e87 (patch) | |
tree | 691b6b717e737737e91a96c52b85e406100f637d /src/libmsc/ran_peer.c | |
parent | f839967f91939b8dc5fab3e09e9d524552f17dbb (diff) |
libmsc/ran_peer.c: fix msgb memleak in ran_peer_rx_reset()

It was noticed that SCCP_RAN_MSG_RESET_ACK message is not freed after
sending. Since ran_peer_rx_reset() calls sccp_ran_down_l2_cl(), which
then calls osmo_sccp_user_sap_down_nofree(), which doesn't free the
message buffer (which is clear from its name).

OsmoMSC# show talloc-context application full filter msgb
full talloc report on 'osmo_msc' (total 20155 bytes in 88 blocks)
msgb contains 4640 bytes in 5 blocks (ref 0)
bssmap: reset ack contains 1160 bytes in 1 blocks (ref 0)
bssmap: reset ack contains 1160 bytes in 1 blocks (ref 0)
bssmap: reset ack contains 1160 bytes in 1 blocks (ref 0)

Let's free it after sending (or in case of error).

Change-Id: Ic174f6eecd6254af597dfbdc1c9e3d65716f0a76
Diffstat (limited to 'src/libmsc/ran_peer.c')
-rw-r--r-- | src/libmsc/ran_peer.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libmsc/ran_peer.c b/src/libmsc/ran_peer.c index ac2bb4f96..40040a2e3 100644 --- a/src/libmsc/ran_peer.c +++ b/src/libmsc/ran_peer.c @@ -140,11 +140,15 @@ static void ran_peer_rx_reset(struct ran_peer *rp) if (sccp_ran_down_l2_cl(rp->sri, &rp->peer_addr, reset_ack)) { LOG_RAN_PEER(rp, LOGL_ERROR, "Failed to send RESET ACKNOWLEDGE message\n"); ran_peer_state_chg(rp, RAN_PEER_ST_WAIT_RX_RESET); + msgb_free(reset_ack); return; } LOG_RAN_PEER(rp, LOGL_INFO, "Sent RESET ACKNOWLEDGE\n"); + /* sccp_ran_down_l2_cl() doesn't free msgb */ + msgb_free(reset_ack); + ran_peer_state_chg(rp, RAN_PEER_ST_READY); } |
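Review bot: msgb_free(reset_ack) is now written twice in ran_peer_rx_reset(), once on the error branch before the return and once on the success path after the "Sent RESET ACKNOWLEDGE" log, so any exit path added later has to carry its own free or the leak comes back. Since sccp_ran_down_l2_cl() leaves ownership with the caller in both cases, consider storing its return value and freeing exactly once immediately after the call, for example `rc = sccp_ran_down_l2_cl(rp->sri, &rp->peer_addr, reset_ack); msgb_free(reset_ack); if (rc) { ... }`. The ownership comment "sccp_ran_down_l2_cl() doesn't free msgb" also sits only above the success-path free; placing it at that single free and saying it holds for both success and failure would make it obvious where to look if the callee is ever changed to consume the msgb, which would turn these calls into a double free.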