author | Pau Espin Pedrol <pespin@sysmocom.de> | 2021-01-27 17:05:12 +0100 |
---|---|---|
committer | Pau Espin Pedrol <pespin@sysmocom.de> | 2021-01-29 12:59:30 +0100 |
commit | 202a47886c088dbdf97015330f2a44f19817592a (patch) | |
tree | 826fb9baa27649762b3ae671b4823050f9092cef | |
parent | c0a250d17d79e08763f77cdf58e970dc2e65e7d3 (diff) |
NACC: Fix crash freeing struct if CTRL conn was refused during alloc
Older versions of osmo_ctrl_conn_alloc() may not properly initialize
write_queue.bfd.fd to -1, which means if osmo_sock_init2_ofd() failed
during nacc_fsm_alloc(), the destructor would wrongly enter the condition
where the whole structure is set and unregister the unregistered fd.
Related: libosmocore Change-Id I98f744d2880fbb883719cdf1d3eb31f2b22a13b6
Related: SYS#4909
Change-Id: I253bd9087b1f7ab039aa1127e9dc586f5106905a
-rw-r--r-- | src/nacc_fsm.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/nacc_fsm.c b/src/nacc_fsm.c index 0a20ae6d..b8350a64 100644 --- a/src/nacc_fsm.c +++ b/src/nacc_fsm.c @@ -623,6 +623,9 @@ struct nacc_fsm_ctx *nacc_fsm_alloc(struct GprsMs* ms) ctx->neigh_ctrl_conn = osmo_ctrl_conn_alloc(ctx, ctx->neigh_ctrl); if (!ctx->neigh_ctrl_conn) goto free_ret; + /* Older versions of osmo_ctrl_conn_alloc didn't properly initialize fd to -1, + * so make sure to do it here otherwise fd may be valid fd 0 and cause trouble */ + ctx->neigh_ctrl_conn->write_queue.bfd.fd = -1; llist_add(&ctx->neigh_ctrl_conn->list_entry, &ctx->neigh_ctrl->ccon_list); rc = osmo_sock_init2_ofd(&ctx->neigh_ctrl_conn->write_queue.bfd, |
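
Review bot: The comment added above the `ctx->neigh_ctrl_conn->write_queue.bfd.fd = -1;` assignment in nacc_fsm_alloc() does not say which libosmocore change makes this workaround unnecessary, so a later reader has no way to tell when the line can be dropped. Consider naming the related libosmocore Change-Id from the commit message (I98f744d2880fbb883719cdf1d3eb31f2b22a13b6) in the comment, with a note that the assignment can go once a libosmocore containing that change is the minimum required. The assignment sits before the osmo_sock_init2_ofd() call, so a failure there leaves fd at -1 rather than 0; the destructor is not part of this hunk, so it is worth confirming that its cleanup path unregisters the fd only when it is not -1.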