[GPRS NS] Fix memory leak in gprs_ns_sendmsg() error path
When gprs_ns_sendmsg() succeeds in sending the message, we free()d the
msgb after transmitting it on the socket. However, if the NS-VC is
blocked or some other error condition exists, we returned an error
code but didn't free the msgb.
This resulted in a memory leak on the error paths, which is now being addressed.
diff --git a/openbsc/src/gprs/gprs_ns.c b/openbsc/src/gprs/gprs_ns.c
index 3db1d67..6009a7d 100644
--- a/openbsc/src/gprs/gprs_ns.c
+++ b/openbsc/src/gprs/gprs_ns.c
@@ -505,6 +505,7 @@
if (!nsvc) {
LOGP(DNS, LOGL_ERROR, "Unable to resolve NSEI %u "
"to NS-VC!\n", msgb_nsei(msg));
+ msgb_free(msg);
return -EINVAL;
}
log_set_context(BSC_CTX_NSVC, nsvc);
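Review bot: The added `msgb_free(msg);` in the `!nsvc` branch, together with the matching ones in the NSE_S_ALIVE, NSE_S_BLOCKED and `!nsh` branches further down, changes the ownership contract: on the paths shown, gprs_ns_sendmsg() now consumes msg whether it succeeds or fails. Any caller that still frees or reuses msg after a negative return would turn the old leak into a double free or use-after-free. The callers are not part of this diff, so they need checking. I would state the contract above the function, e.g. `/* Takes ownership of msg: it is freed on success and on every error return; callers must not use it afterwards. */`. The function body starts and ends outside this hunk.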
@@ -512,11 +513,13 @@
if (!(nsvc->state & NSE_S_ALIVE)) {
LOGP(DNS, LOGL_ERROR, "NSEI=%u is not alive, cannot send\n",
nsvc->nsei);
+ msgb_free(msg);
return -EBUSY;
}
if (nsvc->state & NSE_S_BLOCKED) {
LOGP(DNS, LOGL_ERROR, "NSEI=%u is blocked, cannot send\n",
nsvc->nsei);
+ msgb_free(msg);
return -EBUSY;
}
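Review bot: The two -EBUSY branches repeat the `msgb_free(msg); return ...;` pair that also appears in the `!nsvc` and `!nsh` branches, so the next error path added to this function can miss the free just as the original code did. A single exit label keeps the release in one place: in each branch set a local `rc = -EBUSY;` and `goto err_free;`, with `err_free: msgb_free(msg); return rc;` at the end of the function. The end of the function lies outside the hunk, so the label placement is a suggestion rather than something visible here.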
@@ -524,6 +527,7 @@
nsh = (struct gprs_ns_hdr *) msg->l2h;
if (!nsh) {
LOGP(DNS, LOGL_ERROR, "Not enough headroom for NS header\n");
+ msgb_free(msg);
return -EIO;
}
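Review bot: The `!nsh` test only catches a NULL `msg->l2h`, while the log message speaks of missing headroom. Whether short headroom actually produces NULL depends on the statement that sets `msg->l2h` just above the hunk, which is not shown. If that helper can never return NULL, this branch and its new `msgb_free(msg);` are dead code and the headroom condition is handled elsewhere or not at all. A comment such as `/* l2h is NULL only if pushing the NS header failed */` would make the intent explicit. The function continues past this hunk, so the remaining return paths could not be checked for the same leak.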