diff options
| author | Harald Welte <laforge@osmocom.org> | 2022-05-16 17:31:36 +0200 |
|---|---|---|
| committer | Harald Welte <laforge@osmocom.org> | 2022-05-16 17:33:42 +0200 |
| commit | 022193da73230fba5c65599fedcba606b71f9928 (patch) | |
| tree | 0a95f8743d02ff7ad1aac9b04fd0e5aadb13eedc | |
| parent | 63494a6bef1a54f87742e83d9ad18f64d2dae2af (diff) | |
smpp: Fix use-after-free bug when ESME disconnects but has write pending
When the SMPP code free's an ESME it also free's the related write_queue
and the osmo_fd contained therein. So if this happens while we are
in esme_link_read_cb(), we must return -EBADF to make
osmo_wqueue_bfd_cb() of libosmocore avoid further accessing related
memory.
Change-Id: I441d3b05c2f2556c530783a7f66c73adf6d845a1
Closes: OS#5565
| -rw-r--r-- | src/libmsc/smpp_smsc.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libmsc/smpp_smsc.c b/src/libmsc/smpp_smsc.c index 4581865b9..6712032f3 100644 --- a/src/libmsc/smpp_smsc.c +++ b/src/libmsc/smpp_smsc.c @@ -888,7 +888,7 @@ dead_socket: esme->acl->esme = NULL; smpp_esme_put(esme); - return 0; + return -EBADF; } /* call-back of write queue once it wishes to write a message to the socket */ |