Gitiles
Code Review Sign In
gerrit.osmocom.org / libosmocore / 334cf8759f986fd1d6b191cc12a4134cb912974f
commit334cf8759f986fd1d6b191cc12a4134cb912974f[log] [tgz]
authorDaniel Willmann <dwillmann@sysmocom.de>Wed Nov 10 16:44:56 2021 +0100
committerDaniel Willmann <dwillmann@sysmocom.de>Thu Nov 11 16:50:01 2021 +0100
tree03aeaadd549b217f7806799e5a4f834bf2faa87b
parent6b5a533f4d44e75356e3f1c006e311215611541d [diff]
ns2: Avoid use-after-free when SGSN-side non-persistent SNS-NSE fails

alive_timeout_handler() changes the state to RECOVERING which calls
ns2_st_alive_onenter()->ns2_nse_notify_unblocked(unblocked=false)->
ns2_sns_notify_alive(unblocked=false)

When all (signalling) NSVCs have failed and gss->role is SGSN and not
persistent sns_failed() calls gprs_ns2_free_nse() which talloc_free()s
the nse before returning.

The next line in ns2_nse_notify_unblocked() tries to read nse->alive which then causes the
use-after-free.

Change-Id: I0486a77fd3e21fd3904bd19e4e0225ffbf654935
Related: OS#5302
1 file changed
tree: 03aeaadd549b217f7806799e5a4f834bf2faa87b
  1. contrib/
  2. debian/
  3. doc/
  4. include/
  5. m4/
  6. src/
  7. tapset/
  8. tests/
  9. utils/
  10. .gitignore
  11. .gitreview
  12. .mailmap
  13. configure.ac
  14. COPYING
  15. Doxyfile.codec.in
  16. Doxyfile.coding.in
  17. Doxyfile.core.in
  18. Doxyfile.ctrl.in
  19. Doxyfile.gb.in
  20. Doxyfile.gsm.in
  21. Doxyfile.vty.in
  22. git-version-gen
  23. libosmocodec.pc.in
  24. libosmocoding.pc.in
  25. libosmocore.pc.in
  26. libosmoctrl.pc.in
  27. libosmogb.pc.in
  28. libosmogsm.pc.in
  29. libosmosim.pc.in
  30. libosmousb.pc.in
  31. libosmovty.pc.in
  32. Makefile.am
  33. osmo-release.mk
  34. osmo-release.sh
  35. README.md
  36. TODO-RELEASE
README.md

libosmocore - set of Osmocom core libraries

This repository contains a set of C-language libraries that form the core infrastructure of many Osmocom Open Source Mobile Communications projects.

Historically, a lot of this code was developed as part of the OpenBSC project, but which are of a more generic nature and thus useful to (at least) other programs that we develop in the sphere of Free Software / Open Source mobile communications.

There is no clear scope of it. We simply move all shared code between the various Osmocom projects in this library to avoid code duplication.

The libosmocore.git repository build multiple libraries:

  • libosmocore contains some general-purpose functions like select-loop abstraction, message buffers, timers, linked lists
  • libosmovty contains routines related to the interactive command-line interface called VTY
  • libosmogsm contains definitions and helper code related to GSM protocols
  • libosmoctrl contains a shared implementation of the Osmocom control interface
  • libosmogb contains an implementation of the Gb interface with its NS/BSSGP protocols
  • libosmocodec contains an implementation of GSM voice codecs
  • libosmocoding contains an implementation of GSM channel coding
  • libosmosim contains infrastructure to interface SIM/UICC/USIM cards

Homepage

The official homepage of the project is https://osmocom.org/projects/libosmocore/wiki/Libosmocore

GIT Repository

You can clone from the official libosmocore.git repository using

git clone git://git.osmocom.org/libosmocore.git

There is a cgit interface at https://git.osmocom.org/libosmocore/

Documentation

Doxygen-generated API documentation is generated during the build process, but also available online for each of the sub-libraries at https://ftp.osmocom.org/api/latest/libosmocore/

Mailing List

Discussions related to libosmocore are happening on the openbsc@lists.osmocom.org mailing list, please see https://lists.osmocom.org/mailman/listinfo/openbsc for subscription options and the list archive.

Please observe the Osmocom Mailing List Rules when posting.

Contributing

Our coding standards are described at https://osmocom.org/projects/cellular-infrastructure/wiki/Coding_standards

We us a gerrit based patch submission/review process for managing contributions. Please see https://osmocom.org/projects/cellular-infrastructure/wiki/Gerrit for more details

The current patch queue for libosmocore can be seen at https://gerrit.osmocom.org/#/q/project:libosmocore+status:open