aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Willmann <dwillmann@sysmocom.de>2018-01-30 20:16:07 +0100
committerDaniel Willmann <dwillmann@sysmocom.de>2018-01-30 20:16:07 +0100
commitb4d2499f43ab9f3f63f9560726bcb4f7284fc5fa (patch)
tree9c01564fc460150d29425e96b49558dbf279f801
parent960f58af407960ebf310281f72826c91e52e20c9 (diff)
osmo-bsc_nat: Fix use-after-free issue in ctrl forwarding codedaniel/bsc-nat-rebase
Ticket: SYS#3208
-rw-r--r--openbsc/src/osmo-bsc_nat/bsc_nat_ctrl.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat_ctrl.c b/openbsc/src/osmo-bsc_nat/bsc_nat_ctrl.c
index 128ea6518..a1b6210e4 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat_ctrl.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat_ctrl.c
@@ -276,7 +276,8 @@ static int forward_to_bsc(struct ctrl_cmd *cmd)
}
pending->ccon = cmd->ccon;
pending->ccon->closed_cb = ctrl_conn_closed_cb;
- pending->cmd = cmd;
+ /* Copy command since it will be free()d after we exit here */
+ pending->cmd = ctrl_cmd_cpy(pending, cmd);
/* Setup the timeout */
osmo_timer_setup(&pending->timeout, pending_timeout_cb,