diff options
author | Vadim Yanitskiy <axilirator@gmail.com> | 2019-05-07 21:05:18 +0700 |
---|---|---|
committer | Vadim Yanitskiy <axilirator@gmail.com> | 2019-05-07 21:12:04 +0700 |
commit | d9724f429818c6ecd2af822ee2c68a52c2cce358 (patch) | |
tree | c72fc8b8b9351f11de82cd051ae490defac19490 | |
parent | c69a18bb3d7ac8deae5c7ebf4790c1ac8a375b65 (diff) |
hlr.c: fix possible msgb memleaks in read_cb()
Change-Id: I1226eeb24d7657e2782760fab1b49d5581ab53e2
-rw-r--r-- | src/hlr.c | 12 |
1 files changed, 8 insertions, 4 deletions
@@ -521,20 +521,24 @@ static int read_cb(struct osmo_gsup_conn *conn, struct msgb *msg) if (!msgb_l2(msg) || !msgb_l2len(msg)) { LOGP(DMAIN, LOGL_ERROR, "missing or empty L2 data\n"); - return -EINVAL; /* FIXME: msgb_free(msg); */ + msgb_free(msg); + return -EINVAL; } rc = osmo_gsup_decode(msgb_l2(msg), msgb_l2len(msg), &gsup); if (rc < 0) { LOGP(DMAIN, LOGL_ERROR, "error in GSUP decode: %d\n", rc); - return rc; /* FIXME: msgb_free(msg); */ + msgb_free(msg); + return rc; } /* 3GPP TS 23.003 Section 2.2 clearly states that an IMSI with less than 5 * digits is impossible. Even 5 digits is a highly theoretical case */ - if (strlen(gsup.imsi) < 5) { + if (strlen(gsup.imsi) < 5) { /* TODO: move this check to libosmogsm/gsup.c? */ LOGP(DMAIN, LOGL_ERROR, "IMSI too short: %s\n", osmo_quote_str(gsup.imsi, -1)); - return gsup_send_err_reply(conn, gsup.imsi, gsup.message_type, GMM_CAUSE_INV_MAND_INFO); + gsup_send_err_reply(conn, gsup.imsi, gsup.message_type, GMM_CAUSE_INV_MAND_INFO); + msgb_free(msg); + return -EINVAL; } if (gsup.destination_name_len) |