Changes

Started by upstream project gerrit-osmo-sgsn #572
sgsn_libgtp: fix NULL dereference in cb_delete_context()

sgsn_pdp_ctx_free() contains an abnormal path (with a backtrace log)
for the case where a PDP context is freed while its libgtp handle is
still attached.  In that path, lib->priv is set to NULL to prevent
other callbacks (e.g. cb_data_ind()) from dereferencing the already-
freed sgsn_pdp_ctx.

When libgtp subsequently calls cb_delete_context() as part of its own
teardown, pdp->priv is NULL, causing an immediate NULL dereference at
the pctx->lib = NULL assignment.

Guard against this by returning early when priv is NULL: the SGSN-side
context is already gone, so there is nothing left for the callback to do.

Change-Id: I7d800766b08d87b6f2b23a0cd45435925f9998ff
Vadim Yanitskiy at