Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / ce96928e121fb59ad28e89b3987eaab1566c9a32
commitce96928e121fb59ad28e89b3987eaab1566c9a32[log] [tgz]
authorHarald Welte <laforge@gnumonks.org>Sat Apr 14 15:04:28 2018 +0200
committerHarald Welte <laforge@gnumonks.org>Sat Apr 14 15:07:36 2018 +0200
tree724719c0fe3ae5d6257062aef133e3a122fe5960
parent99a8d235f3da4c2239126fd1ba5b9c6ef69835fc [diff]
smpp: Unset esme->acl on socket close

We set acl->esme during _process_bind(), but we don't clear it
in case the TCP connection for the ESME is dead.  This leads to
a stale acl->esme pointer, which we will attempt to dereference
the next time a SMS is delivered to a route pointing to this acl,
where it will be a heap use-after-free.

This was discovered using AddressSanitizer and MSC_Tests.ttcn

Closes: OS#3168
Change-Id: I1f140d7f9c7d89f200ddbcd81a8df66de69fb3e4
1 file changed
tree: 724719c0fe3ae5d6257062aef133e3a122fe5960
  1. contrib/
  2. debian/
  3. doc/
  4. include/
  5. m4/
  6. src/
  7. tests/
  8. .gitignore
  9. .gitreview
  10. .mailmap
  11. AUTHORS
  12. configure.ac
  13. COPYING
  14. git-version-gen
  15. Makefile.am
  16. osmoappdesc.py
  17. README
  18. README.vty-tests