authorHarald Welte <laforge@gnumonks.org>2016-01-01 16:43:59 +0100
committerHarald Welte <laforge@gnumonks.org>2016-01-01 16:47:13 +0100
commit74157f6120d285a187ae9377e046c59783a64137 (patch)
treebe6606e0722d68f8d7b2c0b69aa680b9313c33ae
parent962da50e082b6ad262c533ab185eee0e9a770e60 (diff)
ranap_msg_factory: Fix memory leaks in OCTET_STRING
The 'ies' types do not have a free() function, so we have to avoid any function that dynamically allocates memory, such as OCTET_STRING_fromBuf.
-rw-r--r--src/ranap_msg_factory.c19
1 files changed, 10 insertions, 9 deletions
diff --git a/src/ranap_msg_factory.c b/src/ranap_msg_factory.c
index 634e2a1..3e69c48 100644
--- a/src/ranap_msg_factory.c
+++ b/src/ranap_msg_factory.c
@@ -86,7 +86,7 @@ struct msgb *ranap_new_msg_reset_ack(RANAP_CN_DomainIndicator_t domain,
* ACKNOWLEDGE message to the CN */
if (rnc_id) {
ies.presenceMask = RESETACKNOWLEDGEIES_RANAP_GLOBALRNC_ID_PRESENT;
- OCTET_STRING_fromBuf(&ies.globalRNC_ID.pLMNidentity,
+ OCTET_STRING_noalloc(&ies.globalRNC_ID.pLMNidentity,
rnc_id->pLMNidentity.buf,
rnc_id->pLMNidentity.size);
ies.globalRNC_ID.rNC_ID = rnc_id->rNC_ID;
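Review bot: The switch to `OCTET_STRING_noalloc` in `ranap_new_msg_reset_ack` makes `ies.globalRNC_ID.pLMNidentity` borrow `rnc_id->pLMNidentity.buf` instead of owning a copy, and nothing at this call site says so. Assuming the helper only stores the pointer and length (as the comment added in the `ranap_new_msg_dt` hunk implies), any later cleanup that frees the contents of `ies` would free the caller's buffer. The ownership rule should be written down here and at the calls in `ranap_new_msg_initial_ue`, which got no comment either. I would add `/* ies only borrows rnc_id's buffer: never free ies, and encode before rnc_id can go away */` above the call. The function body starts and ends outside the hunk, so whether such a cleanup path exists is not visible here.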
@@ -130,16 +130,16 @@ struct msgb *ranap_new_msg_initial_ue(uint32_t conn_id, int is_ps,
else
ies.cN_DomainIndicator = RANAP_CN_DomainIndicator_cs_domain;
- OCTET_STRING_fromBuf(&ies.lai.pLMNidentity, rnc_id->pLMNidentity.buf, rnc_id->pLMNidentity.size);
- OCTET_STRING_fromBuf(&ies.lai.lAC, (uint8_t *)&buf0, sizeof(buf0));
+ OCTET_STRING_noalloc(&ies.lai.pLMNidentity, rnc_id->pLMNidentity.buf, rnc_id->pLMNidentity.size);
+ OCTET_STRING_noalloc(&ies.lai.lAC, (uint8_t *)&buf0, sizeof(buf0));
- OCTET_STRING_fromBuf(&ies.sai.pLMNidentity, rnc_id->pLMNidentity.buf, rnc_id->pLMNidentity.size);
- OCTET_STRING_fromBuf(&ies.sai.lAC, (uint8_t *)&buf0, sizeof(buf0));
- OCTET_STRING_fromBuf(&ies.sai.sAC, (uint8_t *)&buf0, sizeof(buf0));
+ OCTET_STRING_noalloc(&ies.sai.pLMNidentity, rnc_id->pLMNidentity.buf, rnc_id->pLMNidentity.size);
+ OCTET_STRING_noalloc(&ies.sai.lAC, (uint8_t *)&buf0, sizeof(buf0));
+ OCTET_STRING_noalloc(&ies.sai.sAC, (uint8_t *)&buf0, sizeof(buf0));
- OCTET_STRING_fromBuf(&ies.nas_pdu, nas_pdu, nas_len);
+ OCTET_STRING_noalloc(&ies.nas_pdu, nas_pdu, nas_len);
asn1_u24_to_bitstring(&ies.iuSigConId, &ctxidbuf, conn_id);
- OCTET_STRING_fromBuf(&ies.globalRNC_ID.pLMNidentity, rnc_id->pLMNidentity.buf, rnc_id->pLMNidentity.size);
+ OCTET_STRING_noalloc(&ies.globalRNC_ID.pLMNidentity, rnc_id->pLMNidentity.buf, rnc_id->pLMNidentity.size);
ies.globalRNC_ID.rNC_ID = rnc_id->rNC_ID;
memset(&out, 0, sizeof(out));
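Review bot: `ies.lai.lAC`, `ies.sai.lAC` and `ies.sai.sAC` now all point at the same `buf0` storage, where `OCTET_STRING_fromBuf` gave each its own copy. That is fine while the encoder only reads these fields, but a write through any one of them would change all three. `buf0` is declared outside this hunk (presumably a local) and must stay in scope and unmodified until the encode call has run. A one-line comment before the first of these calls would make the constraint visible, for example `/* lAC/sAC share buf0 by reference; keep buf0 alive and unmodified until encoding is done */`.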
@@ -180,7 +180,8 @@ struct msgb *ranap_new_msg_dt(uint8_t sapi, const uint8_t *nas, unsigned int nas
else
ies.sapi = RANAP_SAPI_sapi_0;
- OCTET_STRING_fromBuf(&ies.nas_pdu, nas, nas_len);
+ /* Avoid copying + later freeing of OCTET STRING */
+ OCTET_STRING_noalloc(&ies.nas_pdu, nas, nas_len);
/* ies -> dt */
rc = ranap_encode_directtransferies(&dt, &ies);
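Review bot: `nas` is declared `const uint8_t *` in the signature shown in the hunk header, yet after this call `ies.nas_pdu` refers to that same memory through an OCTET STRING whose buffer member is normally a non-const `uint8_t *`. Either the call discards the qualifier (a compiler warning) or the helper casts it away internally; its prototype is not visible here, so this should be confirmed. The encoder is only expected to read the buffer, so this is probably harmless, but the added comment should say so, for example `/* Borrow the caller's const NAS buffer (no copy, no free); ies.nas_pdu must be treated as read-only */`. The function continues beyond the hunk.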