commit | 988f6d72c55a041b9b382143e2548571a3510abc | [log] [tgz] |
---|---|---|
author | Neels Hofmeyr <neels@hofmeyr.de> | Fri Oct 04 20:37:17 2019 +0200 |
committer | Neels Hofmeyr <neels@hofmeyr.de> | Tue Oct 29 16:46:04 2019 +0100 |
tree | 0b1e62f1bb028e1b060803dedcd9a20b3fce4e45 | |
parent | d4b4edd316df5918f0c04360f05d01e230895e7d [diff] |
add osmo_fsm_set_dealloc_ctx(), to help with use-after-free This is a simpler and more general solution to the problem so far solved by osmo_fsm_term_safely(true). This extends use-after-free fixes to arbitrary functions, not only FSM instances during termination. The aim is to defer talloc_free() until back in the main loop. Rationale: I discovered an osmo-msc use-after-free crash from an invalid message, caused by this pattern: void event_action() { osmo_fsm_inst_dispatch(foo, FOO_EVENT, NULL); osmo_fsm_inst_dispatch(bar, BAR_EVENT, NULL); } Usually, FOO_EVENT takes successful action, and afterwards we also notify bar. However, in this particular case, FOO_EVENT caused failure, and the immediate error handling directly terminated and deallocated bar. In such a case, dispatching BAR_EVENT causes a use-after-free; this constituted a DoS vector just from sending messages that cause *any* failure during the first event dispatch. Instead, when this is enabled, we do not deallocate 'foo' until event_action() has returned back to the main loop. Test: duplicate fsm_dealloc_test.c using this, and print the number of items deallocated in each test loop, to ensure the feature works. We also verify that the deallocation safety works simply by fsm_dealloc_test.c not crashing. We should probably follow up by refusing event dispatch and state transitions for FSM instances that are terminating or already terminated: see I0adc13a1a998e953b6c850efa2761350dd07e03a. Change-Id: Ief4dba9ea587c9b4aea69993e965fbb20fb80e78
This repository contains a set of C-language libraries that form the core infrastructure of many Osmocom Open Source Mobile Communications projects.
Historically, a lot of this code was developed as part of the OpenBSC project, but which are of a more generic nature and thus useful to (at least) other programs that we develop in the sphere of Free Software / Open Source mobile communications.
There is no clear scope of it. We simply move all shared code between the various Osmocom projects in this library to avoid code duplication.
The libosmcoore.git repository build multiple libraries:
The official homepage of the project is https://osmocom.org/projects/libosmocore/wiki/Libosmocore
You can clone from the official libosmocore.git repository using
git clone git://git.osmocom.org/libosmocore.git
There is a cgit interface at http://git.osmocom.org/libosmocore/
Doxygen-generated API documentation is generated during the build process, but also available online for each of the sub-libraries at http://ftp.osmocom.org/api/latest/libosmocore/
Discussions related to libosmocore are happening on the openbsc@lists.osmocom.org mailing list, please see https://lists.osmocom.org/mailman/listinfo/openbsc for subscription options and the list archive.
Please observe the Osmocom Mailing List Rules when posting.
Our coding standards are described at https://osmocom.org/projects/cellular-infrastructure/wiki/Coding_standards
We us a gerrit based patch submission/review process for managing contributions. Please see https://osmocom.org/projects/cellular-infrastructure/wiki/Gerrit for more details
The current patch queue for libosmocore can be seen at https://gerrit.osmocom.org/#/q/project:libosmocore+status:open