author | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-04-02 03:28:30 +0200 |
---|---|---|
committer | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-04-02 03:28:30 +0200 |
commit | 44d92b472825ae51bc349a91c04c2547f6544a0f (patch) | |
tree | 9455f00f61a6463fee0424b87f7dfafeb1cd91f6 /openbsc/src | |
parent | 8aaec620da62e27fb9c1e5c1768e2b5d8574e707 (diff) |
bsc_msc_ip.c: Return after having freed the msgb
When reading MGCP is failing (e.g. because the udp socket
is not connected yet) we would have freed the msgb but we
didn't return and then executed msgb_put on a dead buffer.
Diffstat (limited to 'openbsc/src')
-rw-r--r-- | openbsc/src/bsc_msc_ip.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/openbsc/src/bsc_msc_ip.c b/openbsc/src/bsc_msc_ip.c
index 166726342..535445a4a 100644
--- a/openbsc/src/bsc_msc_ip.c
+++ b/openbsc/src/bsc_msc_ip.c
@@ -603,9 +603,14 @@ static int mgcp_do_read(struct bsc_fd *fd)
 ret = read(fd->fd, mgcp->data, mgcp->len);
 if (ret <= 0) {
- LOGP(DMGCP, LOGL_ERROR, "Failed to read: %d\n", errno);
+ LOGP(DMGCP, LOGL_ERROR, "Failed to read: %d/%s\n", errno, strerror(errno));
 msgb_free(mgcp);
- }
+ return -1;
+ } else if (ret > 4096 - 128) {
+ LOGP(DMGCP, LOGL_ERROR, "Too much data: %d\n", ret);
+ msgb_free(mgcp);
+ return -1;
+ }
 msgb_put(mgcp, ret);
 msc_queue_write(mgcp, NAT_IPAC_PROTO_MGCP); |
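Review bot: The added `ret > 4096 - 128` branch runs only after `read()` has already written `ret` bytes into `mgcp->data`, so it can report an oversized datagram but cannot stop one from overrunning the buffer. The count passed to `read()` is still `mgcp->len`, and the allocation of `mgcp` is outside this hunk, so it cannot be confirmed here that `mgcp->len` equals the buffer's capacity rather than its current fill level. The limit belongs in the call itself, for example `ret = read(fd->fd, mgcp->data, 4096 - 128);` if that is the data capacity, ideally through one named constant shared with the allocation instead of a repeated magic number. Separately, in the `ret <= 0` branch a return of 0 does not set `errno`, so the logged `errno`/`strerror(errno)` may be a stale value from an earlier call. The body of `mgcp_do_read` starts and ends outside the hunk.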