commit | 4f67a9bf4610c9e948f0d81f3b039f36675180a3 | [log] [tgz] |
---|---|---|
author | Pau Espin Pedrol <pespin@sysmocom.de> | Wed Jun 30 16:03:06 2021 +0200 |
committer | Pau Espin Pedrol <pespin@sysmocom.de> | Thu Jul 01 13:09:10 2021 +0200 |
tree | bf7f2aca513c0df2f2eaf2f4772a779e2558898b | |
parent | 1989a190664ca1d4169c80336b2ecc00426c84f1 [diff] |
pdch: Fix heap-use-after-free in pdch->ulc In existing previous code, pdch->ulc would be freed in gprs_rlcmac_pdch::free_resources() when it became disabled as per PCUIF info_ind (for instance, when a DYN TS is switched PDCH->SDCCH8). However, pdch->ulc was so far only allocated during pdch_init, which is only called during bts_alloc() time. Hence, after first info_ind disabling it, if it became again enabled (again by info_ind re-enabling it after SDCCH8 was not longer in use), the pdch->ulc would be used again but it would point to freed memory. Let's rearrange how/when resources are freed to make it more logical. With this patch, pdch internal resources are freed upon ->disable(), and re-allocated upon ->enable(). Change-Id: Id51f5f6a54ac9f24b784c17bc360ac38f5726fc7
This repository contains a C/C++-language implementation of a GPRS Packet Control Unit, as specified by ETSI/3GPP. It is part of the Osmocom Open Source Mobile Communications project.
The Packet Control Unit is terminating the Layer 2 (RLC/MAC) of the GPRS radio interface and adapting it to the Gb Interface (BSSGP+NS Protocol) towards the SGSN.
The PCU interfaces with the physical layer of the radio interface. OsmoPCU is typically used co-located with the BTS, specifically OsmoBTS. For legacy BTSs that run proprietary sotware without an interface to OsmoPCU, you may also co-locate it with the BSC, specifically OsmoBSC
The official homepage of the project is https://osmocom.org/projects/osmopcu/wiki/OsmoPCU
You can clone from the official osmo-pcu.git repository using
git clone git://git.osmocom.org/osmo-pcu.git
There is a cgit interface at http://git.osmocom.org/osmo-pcu/
We provide a user manual as well as a vty reference manual
Please note that a lot of the PCU configuration actually happens inside the BSC, which passes this configuration via A-bis OML to the BTS, which then in turn passes it via the PCU socket into OsmoPCU.
Discussions related to osmo-pcu are happening on the osmocom-net-gprs@lists.osmocom.org mailing list, please see https://lists.osmocom.org/mailman/listinfo/osmocom-net-gprs for subscription options and the list archive.
Please observe the Osmocom Mailing List Rules when posting.
Our coding standards are described at https://osmocom.org/projects/cellular-infrastructure/wiki/Coding_standards
We us a gerrit based patch submission/review process for managing contributions. Please see https://osmocom.org/projects/cellular-infrastructure/wiki/Gerrit for more details
The current patch queue for osmo-pcu can be seen at https://gerrit.osmocom.org/#/q/project:osmo-pcu+status:open