gsm_04_11: Attempt to fix some possible memory leaks in the SMS code
Sometimes we need to free the SMS, sometimes also the transaction.
diff --git a/openbsc/src/gsm_04_11.c b/openbsc/src/gsm_04_11.c
index 5d91516..c914d82 100644
--- a/openbsc/src/gsm_04_11.c
+++ b/openbsc/src/gsm_04_11.c
@@ -546,8 +546,10 @@
gsms->data_coding_scheme = *smsp++;
sms_alphabet = gsm338_get_sms_alphabet(gsms->data_coding_scheme);
- if (sms_alphabet == 0xffffffff)
+ if (sms_alphabet == 0xffffffff) {
+ sms_free(gsms);
return GSM411_RP_CAUSE_MO_NET_OUT_OF_ORDER;
+ }
switch (sms_vpf) {
case GSM340_TP_VPF_RELATIVE:
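Review bot: The added `sms_free(gsms);` covers only the invalid-alphabet return, so any other early `return` between the allocation of `gsms` and the point where it is handed off would still leak; those paths lie outside the hunk and need checking. This code appears to parse a TPDU supplied by the mobile side, so a leak on a rejection path is one a peer can trigger repeatedly with malformed messages. A single exit label is harder to get wrong than per-branch frees, for example `rc = GSM411_RP_CAUSE_MO_NET_OUT_OF_ORDER; goto out;` paired with `out: sms_free(gsms); return rc;`. The function body starts and ends outside the hunk.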
@@ -1029,6 +1031,7 @@
transaction_id = trans_assign_trans_id(conn->subscr, GSM48_PDISC_SMS, 0);
if (transaction_id == -1) {
LOGP(DSMS, LOGL_ERROR, "No available transaction ids\n");
+ sms_free(sms);
return -EBUSY;
}
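Review bot: The `sms_free(sms);` added here, in the `!trans` branch of the next hunk and on the `gsm340_gen_tpdu` failure path makes this function release `sms` on its error returns, but no visible line documents that ownership rule. If `sms` is passed in by the caller, as it appears to be, a caller that still uses or frees it after `-EBUSY` or `-ENOMEM` would now hit a use-after-free or a double free. Add a comment above the function such as `/* Takes ownership of sms: it is freed on every error return, callers must not touch it afterwards. */` and audit the existing call sites against it. The function's signature and the start of its body are outside the hunk.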
@@ -1039,6 +1042,7 @@
transaction_id, new_callref++);
if (!trans) {
LOGP(DSMS, LOGL_ERROR, "No memory for trans\n");
+ sms_free(sms);
/* FIXME: send some error message */
return -ENOMEM;
}
@@ -1072,6 +1076,8 @@
/* generate the 03.40 TPDU */
rc = gsm340_gen_tpdu(msg, sms);
if (rc < 0) {
+ trans_free(trans);
+ sms_free(sms);
msgb_free(msg);
return rc;
}
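Review bot: `trans_free(trans);` followed by `sms_free(sms);` becomes a double free if the transaction already holds a reference to `sms` at this point and its free routine releases that reference. Neither the assignment nor the transaction's free routine is visible in this hunk, so this needs confirming against the rest of the file. If the transaction does own the message, either drop the explicit `sms_free(sms);` here or clear the transaction's SMS pointer before calling `trans_free(trans);`, so the message is released exactly once. A short comment on this branch saying which object owns `sms` would keep later edits from reintroducing the problem.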