bsc_msc_ip.c: Return after having freed the msgb

When reading MGCP is failing (e.g. because the udp socket is not connected yet) we would have freed the msgb but we didn't return and then executed msgb_put on a dead buffer.
author: Holger Hans Peter Freyther <zecke@selfish.org> 2010-04-02 03:28:30 +0200
committer: Holger Hans Peter Freyther <zecke@selfish.org> 2010-04-02 03:28:30 +0200
commit: 44d92b472825ae51bc349a91c04c2547f6544a0f (patch)
tree: 9455f00f61a6463fee0424b87f7dfafeb1cd91f6
parent: 8aaec620da62e27fb9c1e5c1768e2b5d8574e707 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/openbsc/src/bsc_msc_ip.c b/openbsc/src/bsc_msc_ip.c
index 166726342..535445a4a 100644
--- a/openbsc/src/bsc_msc_ip.c
+++ b/openbsc/src/bsc_msc_ip.c
@@ -603,9 +603,14 @@ static int mgcp_do_read(struct bsc_fd *fd)
 
 	ret = read(fd->fd, mgcp->data, mgcp->len);
 	if (ret <= 0) {
-		LOGP(DMGCP, LOGL_ERROR, "Failed to read: %d\n", errno);
+		LOGP(DMGCP, LOGL_ERROR, "Failed to read: %d/%s\n", errno, strerror(errno));
 		msgb_free(mgcp);
-	}
+		return -1;
+	} else if (ret > 4096 - 128) {
+		LOGP(DMGCP, LOGL_ERROR, "Too much data: %d\n", ret);
+		msgb_free(mgcp);
+		return -1; 
+        }
 
 	msgb_put(mgcp, ret);
 	msc_queue_write(mgcp, NAT_IPAC_PROTO_MGCP);
author	Holger Hans Peter Freyther <zecke@selfish.org>	2010-04-02 03:28:30 +0200
committer	Holger Hans Peter Freyther <zecke@selfish.org>	2010-04-02 03:28:30 +0200
commit	44d92b472825ae51bc349a91c04c2547f6544a0f (patch)
tree	9455f00f61a6463fee0424b87f7dfafeb1cd91f6
parent	8aaec620da62e27fb9c1e5c1768e2b5d8574e707 (diff)