sgsn_libgtp: fix a potential memleak when the GGSN is not reachable
When a MS does the following
- MS: GMM Attach
- MS: Activate PDP CTX
- SGSN: send PDP CTX Request to GGSN which GGSN does not answer
- GMM Detach (MM ctx get freed)
- libgtp retrans timeout of the first answer
- sgsn_libgtp.c: create_pdp_conf() which ignores this ctx because of emtpy MM ctx
Change-Id: I4575f7f80f785a62ae3b7f165d236a9dd818aabf
diff --git a/src/gprs/sgsn_libgtp.c b/src/gprs/sgsn_libgtp.c
index 7829796..478d402 100644
--- a/src/gprs/sgsn_libgtp.c
+++ b/src/gprs/sgsn_libgtp.c
@@ -390,15 +390,13 @@
static int create_pdp_conf(struct pdp_t *pdp, void *cbp, int cause)
{
struct sgsn_pdp_ctx *pctx = cbp;
- uint8_t reject_cause;
+ uint8_t reject_cause = 0;
LOGPDPCTXP(LOGL_INFO, pctx, "Received CREATE PDP CTX CONF, cause=%d(%s)\n",
cause, get_value_string(gtp_cause_strs, cause));
if (!pctx->mm) {
- LOGP(DGPRS, LOGL_INFO,
- "No MM context, aborting CREATE PDP CTX CONF\n");
- return -EIO;
+ goto reject;
}
/* Check for cause value if it was really successful */
@@ -452,9 +450,11 @@
if (pdp)
pdp_freepdp(pdp);
+
/* Send PDP CTX ACT REJ to MS */
- gsm48_tx_gsm_act_pdp_rej(pctx->mm, pctx->ti, reject_cause,
- 0, NULL);
+ if (pctx->mm)
+ gsm48_tx_gsm_act_pdp_rej(pctx->mm, pctx->ti, reject_cause,
+ 0, NULL);
sgsn_pdp_ctx_free(pctx);
return EOF;