From d9724f429818c6ecd2af822ee2c68a52c2cce358 Mon Sep 17 00:00:00 2001
From: Vadim Yanitskiy <axilirator@gmail.com>
Date: Tue, 7 May 2019 21:05:18 +0700
Subject: hlr.c: fix possible msgb memleaks in read_cb()

Change-Id: I1226eeb24d7657e2782760fab1b49d5581ab53e2
---
 src/hlr.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/hlr.c b/src/hlr.c
index 84daa47..d9ebaf7 100644
--- a/src/hlr.c
+++ b/src/hlr.c
@@ -521,20 +521,24 @@ static int read_cb(struct osmo_gsup_conn *conn, struct msgb *msg)
 
 	if (!msgb_l2(msg) || !msgb_l2len(msg)) {
 		LOGP(DMAIN, LOGL_ERROR, "missing or empty L2 data\n");
-		return -EINVAL; /* FIXME: msgb_free(msg); */
+		msgb_free(msg);
+		return -EINVAL;
 	}
 
 	rc = osmo_gsup_decode(msgb_l2(msg), msgb_l2len(msg), &gsup);
 	if (rc < 0) {
 		LOGP(DMAIN, LOGL_ERROR, "error in GSUP decode: %d\n", rc);
-		return rc; /* FIXME: msgb_free(msg); */
+		msgb_free(msg);
+		return rc;
 	}
 
 	/* 3GPP TS 23.003 Section 2.2 clearly states that an IMSI with less than 5
 	 * digits is impossible.  Even 5 digits is a highly theoretical case */
-	if (strlen(gsup.imsi) < 5) {
+	if (strlen(gsup.imsi) < 5) { /* TODO: move this check to libosmogsm/gsup.c? */
 		LOGP(DMAIN, LOGL_ERROR, "IMSI too short: %s\n", osmo_quote_str(gsup.imsi, -1));
-		return gsup_send_err_reply(conn, gsup.imsi, gsup.message_type, GMM_CAUSE_INV_MAND_INFO);
+		gsup_send_err_reply(conn, gsup.imsi, gsup.message_type, GMM_CAUSE_INV_MAND_INFO);
+		msgb_free(msg);
+		return -EINVAL;
 	}
 
 	if (gsup.destination_name_len)
-- 
cgit v1.2.3