From bf4392c2baff6eac938edf71450f85ef48c311f6 Mon Sep 17 00:00:00 2001 From: Neels Hofmeyr Date: Wed, 11 Jul 2018 05:01:26 +0200 Subject: fix two memleaks in ipa_rx_msg_sccp() 1: Do not call xua_msg_alloc() which is later bluntly overwritten by m3ua_xfer_from_data(). 2: After dispatching to m3ua_hmdc_rx_from_l2(), call xua_msg_free(). Related: OS#3393 Change-Id: I0918f9bbc15b036619f1c25a133b69819b2a30fa --- src/ipa.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/ipa.c b/src/ipa.c index e15b1d8..f3a7a52 100644 --- a/src/ipa.c +++ b/src/ipa.c @@ -202,8 +202,9 @@ static struct msgb *patch_sccp_with_pc(struct osmo_ss7_asp *asp, struct msgb *sc static int ipa_rx_msg_sccp(struct osmo_ss7_asp *asp, struct msgb *msg) { + int rc; struct m3ua_data_hdr data_hdr; - struct xua_msg *xua = xua_msg_alloc(); + struct xua_msg *xua; struct osmo_ss7_as *as = find_as_for_asp(asp); uint32_t opc, dpc; @@ -263,7 +264,9 @@ static int ipa_rx_msg_sccp(struct osmo_ss7_asp *asp, struct msgb *msg) m3ua_dh_to_xfer_param(&xua->mtp, &data_hdr); /* Pass on as if we had received it from an M3UA ASP */ - return m3ua_hmdc_rx_from_l2(asp->inst, xua); + rc = m3ua_hmdc_rx_from_l2(asp->inst, xua); + xua_msg_free(xua); + return rc; } /*! \brief process M3UA message received from socket -- cgit v1.2.3