From 9336cede840a10dd3252298529721e285ca4e871 Mon Sep 17 00:00:00 2001
From: Daniel Willmann
Date: Wed, 4 May 2016 16:45:02 +0200
Subject: libiu: Fix memory leaks on receive and transmit

The ranap_handle_* functions generate a msgb and pass it on to the receive callback. After processing the message the msgb needs to be freed again. iu_tx() takes a msgb and uses ranap_new_msg_dt() to generate a new msgb from it. The old msgb needs to be freed.
---
 openbsc/src/libiu/iu.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/openbsc/src/libiu/iu.c b/openbsc/src/libiu/iu.c
index d619b9749..e77bf7ac5 100644
--- a/openbsc/src/libiu/iu.c
+++ b/openbsc/src/libiu/iu.c
@@ -328,6 +328,8 @@ static int ranap_handle_co_initial_ue(void *ctx, RANAP_InitialUE_MessageIEs_t *i
 msg->dst = ctx;
 global_iu_recv_cb(msg, &ra_id, &sai);

+ msgb_free(msg);
+
 return 0;
 }

@@ -359,6 +361,8 @@ static int ranap_handle_co_dt(void *ctx, RANAP_DirectTransferIEs_t *ies)
 msg->dst = ctx;
 global_iu_recv_cb(msg, ra_id, sai);

+ msgb_free(msg);
+
 return 0;
 }

@@ -373,15 +377,17 @@ static int ranap_handle_co_err_ind(void *ctx, RANAP_ErrorIndicationIEs_t *ies)
 return 0;
 }

-int iu_tx(struct msgb *msg, uint8_t sapi)
+int iu_tx(struct msgb *msg_nas, uint8_t sapi)
 {
- struct ue_conn_ctx *uectx = msg->dst;
+ struct ue_conn_ctx *uectx = msg_nas->dst;
+ struct msgb *msg;
 struct osmo_scu_prim *prim;
 LOGP(DRANAP, LOGL_INFO, "Transmitting L3 Message as RANAP DT (SUA link %p conn_id %u)\n", uectx->link, uectx->conn_id);
- msg = ranap_new_msg_dt(sapi, msg->data, msgb_length(msg));
+ msg = ranap_new_msg_dt(sapi, msg_nas->data, msgb_length(msg_nas));
+ msgb_free(msg_nas);
 msg->l2h = msg->data;
 prim = (struct osmo_scu_prim *) msgb_push(msg, sizeof(*prim));
 prim->u.data.conn_id = uectx->conn_id;
--
cgit v1.2.3
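Review bot: The `msgb_free(msg);` added after `global_iu_recv_cb(msg, &ra_id, &sai);` in ranap_handle_co_initial_ue is only safe if the registered receive callback neither keeps a pointer to the msgb nor frees it itself; otherwise the leak fix becomes a use-after-free or a double free. The identical addition in ranap_handle_co_dt has the same dependency. Nothing visible in either hunk states that contract, so I would add a comment above each call, e.g. `/* callback only borrows msg: it must not store or free it, we free it below */`, and repeat the rule wherever the callback type is declared. Both function bodies start outside their hunks, so earlier return paths that might skip the free could not be checked.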
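Review bot: In iu_tx, `msg->l2h = msg->data;` dereferences the result of `ranap_new_msg_dt()` without a NULL check, so a failure in that function (allocation or encoding, presumably; its body is not visible here) becomes a NULL dereference on the transmit path. Keep `msgb_free(msg_nas);` where it is so the input is released on both paths, and add `if (!msg) return -ENOMEM;` (or whatever error code the callers expect) directly after it. The function now also consumes its argument, which deserves a comment above the signature such as `/* Takes ownership of msg_nas; the caller must not use it after this call. */`. The rest of iu_tx lies outside the hunk.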