diff options
author | Stefan Sperling <ssperling@sysmocom.de> | 2018-06-06 17:23:53 +0200 |
---|---|---|
committer | Stefan Sperling <ssperling@sysmocom.de> | 2018-06-06 17:25:52 +0200 |
commit | 7eb45887b32d9b16c1ea45ab995a6d0398887056 (patch) | |
tree | 77c052dc463d53ca16c0ab7b186e308d65af672c | |
parent | ee770e5b5d9b91266177b0689f671e13d4eb087d (diff) |
fix use after free in osmo_sccp_simple_server_add_clnt()
The variable as_name was freed before being passed to the
osmo_ss7_route_create() function. Free it later to avoid
a use-after-free crash with address sanitizer.
Found by running 'examples/m3ua_example aaa' with address
sanitizer enabled.
Change-Id: I9d724bc1d2aa8d6f8b6a67bdeafdb5f0f9136413
Related: OS#2666
-rw-r--r-- | src/sccp_user.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/sccp_user.c b/src/sccp_user.c index a6161c0..99ed96e 100644 --- a/src/sccp_user.c +++ b/src/sccp_user.c @@ -611,7 +611,6 @@ osmo_sccp_simple_server_add_clnt(struct osmo_sccp_instance *inst, as = osmo_ss7_as_find_or_create(ss7, as_name, prot); if (!as) goto out_strings; - talloc_free(as_name); /* route only selected PC to the client */ rt = osmo_ss7_route_create(ss7->rtable_system, pc, 0xffff, as_name); @@ -624,6 +623,7 @@ osmo_sccp_simple_server_add_clnt(struct osmo_sccp_instance *inst, asp->cfg.is_server = true; osmo_ss7_as_add_asp(as, asp_name); talloc_free(asp_name); + talloc_free(as_name); osmo_ss7_asp_restart(asp); return ss7->sccp; |