author | Pau Espin Pedrol <pespin@sysmocom.de> | 2018-04-17 16:16:57 +0200 |
---|---|---|
committer | Pau Espin Pedrol <pespin@sysmocom.de> | 2018-04-17 16:16:59 +0200 |
commit | cbd5bdad297a4c410240b4d1ed3998d167e039a4 (patch) | |
tree | bf0b931e1ef8c40b4d1129d66a8d346ebc8ea585 | |
parent | 093cc765665cae83ce17b0eb452ff3f7b8bfdb14 (diff) |
smpp_smsc_conf: Fix heap-use-after-free
Backport from osmo-msc Change-Id Iaf0d251c8d2912266a087ada4d20905146e08592.
Fixes the following error caught by enabling the address sanitizer:
==20792==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b000122610 at pc 0x7f9c9c3fe063 bp 0x7ffd2e68f600 sp 0x7ffd2e68edb0
READ of size 11 at 0x60b000122610 thread T0
#0 0x7f9c9c3fe062 (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x3c062)
#1 0x7f9c9beb8ee4 in talloc_strdup (/usr/lib/x86_64-linux-gnu/libtalloc.so.2+0x6ee4)
#2 0x56096a7cf75b in smpp_smsc_conf src/libmsc/smpp_smsc.c:983
#3 0x56096a7cf9df in smpp_smsc_start src/libmsc/smpp_smsc.c:1015
#4 0x56096a7d4935 in smpp_openbsc_start src/libmsc/smpp_openbsc.c:785
#5 0x56096a755ad0 in main src/osmo-msc/msc_main.c:598
#6 0x7f9c9927b2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#7 0x56096a756979 in _start (/home/jenkins/workspace/osmo-gsm-tester_run-prod/trial-805/inst/osmo-msc/bin/osmo-msc+0xf0979)
Related: OS#3181
Change-Id: Ifce107dc5f0971d7580b7adc09f05e334792bace
-rw-r--r-- | openbsc/src/libmsc/smpp_smsc.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/openbsc/src/libmsc/smpp_smsc.c b/openbsc/src/libmsc/smpp_smsc.c
index 83c29f69e..e4acd3ab7 100644
--- a/openbsc/src/libmsc/smpp_smsc.c
+++ b/openbsc/src/libmsc/smpp_smsc.c
@@ -972,14 +972,19 @@ struct smsc *smpp_smsc_alloc_init(void *ctx)
 /*! \brief Set the SMPP address and port without binding. */
 int smpp_smsc_conf(struct smsc *smsc, const char *bind_addr, uint16_t port)
 {
+ smsc->listen_port = port;
+
+ /* Avoid use-after-free if bind_addr == smsc->bind_addr */
+ if (smsc->bind_addr == bind_addr)
+ return 0;
+
 talloc_free((void*)smsc->bind_addr);
 smsc->bind_addr = NULL;
 if (bind_addr) {
- smsc->bind_addr = talloc_strdup(smsc, bind_addr);
+ smsc->bind_addr = bind_addr ? talloc_strdup(smsc, bind_addr) : NULL;
 if (!smsc->bind_addr)
 return -ENOMEM;
 }
- smsc->listen_port = port;
 return 0;
 } |
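Review bot: The alias guard at the top of smpp_smsc_conf() handles only a caller passing exactly `smsc->bind_addr`; any other pointer into that same allocation would still be read by `talloc_strdup()` after the `talloc_free()`. Duplicating the new string before freeing the old one removes the special case. It also leaves the old address and port intact on `-ENOMEM`, whereas the new code has already written `listen_port` and cleared `bind_addr` by then. The ternary inside `if (bind_addr) {` is redundant, since `bind_addr` is known to be non-NULL there. The sketch below assumes `smsc->bind_addr` is a `const char *` owned by `smsc`, as the `(void*)` cast suggests.

```c
int smpp_smsc_conf(struct smsc *smsc, const char *bind_addr, uint16_t port)
{
	char *new_addr = NULL;

	/* Copy first: bind_addr may alias the string we are about to free */
	if (bind_addr) {
		new_addr = talloc_strdup(smsc, bind_addr);
		if (!new_addr)
			return -ENOMEM;
	}
	talloc_free((void*)smsc->bind_addr);
	smsc->bind_addr = new_addr;
	smsc->listen_port = port;
	return 0;
}
```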