NACC: Fix crash freeing struct if CTRL conn was refused during alloc

Older versions of osmo_ctrl_conn_alloc() may not properly initialize write_queue.bfd.fd to -1, which means if osmo_sock_init2_ofd() failed during nacc_fsm_alloc(), the destructor would wrongly enter the conditon where the whole structure is set and unregister the unregistered fd. Related: libosmocore Change-Id I98f744d2880fbb883719cdf1d3eb31f2b22a13b6 Related: SYS#4909 Change-Id: I253bd9087b1f7ab039aa1127e9dc586f5106905a
author: Pau Espin Pedrol <pespin@sysmocom.de> 2021-01-27 17:05:12 +0100
committer: Pau Espin Pedrol <pespin@sysmocom.de> 2021-01-29 12:59:30 +0100
commit: 202a47886c088dbdf97015330f2a44f19817592a (patch)
tree: 826fb9baa27649762b3ae671b4823050f9092cef
parent: c0a250d17d79e08763f77cdf58e970dc2e65e7d3 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/nacc_fsm.c b/src/nacc_fsm.c
index 0a20ae6d..b8350a64 100644
--- a/src/nacc_fsm.c
+++ b/src/nacc_fsm.c
@@ -623,6 +623,9 @@ struct nacc_fsm_ctx *nacc_fsm_alloc(struct GprsMs* ms)
 	ctx->neigh_ctrl_conn = osmo_ctrl_conn_alloc(ctx, ctx->neigh_ctrl);
 	if (!ctx->neigh_ctrl_conn)
 		goto free_ret;
+	/* Older versions of osmo_ctrl_conn_alloc didn't properly initialize fd to -1,
+	 * so make sure to do it here otherwise fd may be valid fd 0 and cause trouble */
+	ctx->neigh_ctrl_conn->write_queue.bfd.fd = -1;
 	llist_add(&ctx->neigh_ctrl_conn->list_entry, &ctx->neigh_ctrl->ccon_list);
 
 	rc = osmo_sock_init2_ofd(&ctx->neigh_ctrl_conn->write_queue.bfd,
author	Pau Espin Pedrol <pespin@sysmocom.de>	2021-01-27 17:05:12 +0100
committer	Pau Espin Pedrol <pespin@sysmocom.de>	2021-01-29 12:59:30 +0100
commit	202a47886c088dbdf97015330f2a44f19817592a (patch)
tree	826fb9baa27649762b3ae671b4823050f9092cef
parent	c0a250d17d79e08763f77cdf58e970dc2e65e7d3 (diff)