rspro_client_fsm/remsim_client: Fix double-free respro_dec_msg() takes ownership of the input msgb in both successful and unsuccessful cases, so we must not call talloc_free on the resulting msgb. Change-Id: Id54d1b73395da1329a998d213c190da49eb90a93

commit: 9392e08011a244333ec186e6e0fbf8967d1aec7e [log] [tgz]
author: Harald Welte <laforge@gnumonks.org> Tue Jul 23 18:14:18 2019 +0200
committer: Harald Welte <laforge@gnumonks.org> Tue Jul 23 18:16:40 2019 +0200
tree: 07cb9d41b2a55423f0feab879875ee9144933497
parent: 2f238cfac9d2f9296a860c26afb5a834dfd533fa [diff] [blame]
diff --git a/src/rspro_client_fsm.c b/src/rspro_client_fsm.c
index 768c15f..06364da 100644
--- a/src/rspro_client_fsm.c
+++ b/src/rspro_client_fsm.c

@@ -130,6 +130,7 @@
 			break;
 		default:
 			break;
+		msgb_free(msg);
 		}
 		break;
 	case IPAC_PROTO_OSMO:
@@ -139,6 +140,8 @@
 		switch (he->proto) {
 		case IPAC_PROTO_EXT_RSPRO:
 			LOGPFSM(srvc->fi, "Received RSPRO %s\n", msgb_hexdump(msg));
+			/* respro_dec_msg() takes ownership of the input message buffer in successful
+			 * and unsuccessful cases */
 			pdu = rspro_dec_msg(msg);
 			if (!pdu)
 				goto invalid;
@@ -152,7 +155,6 @@
 	default:
 		goto invalid;
 	}
-	msgb_free(msg);
 	return rc;
 
 invalid:
commit	9392e08011a244333ec186e6e0fbf8967d1aec7e	[log] [tgz]
author	Harald Welte <laforge@gnumonks.org>	Tue Jul 23 18:14:18 2019 +0200
committer	Harald Welte <laforge@gnumonks.org>	Tue Jul 23 18:16:40 2019 +0200
tree	07cb9d41b2a55423f0feab879875ee9144933497
parent	2f238cfac9d2f9296a860c26afb5a834dfd533fa [diff] [blame]