neels has submitted this change. ( https://gerrit.osmocom.org/c/libosmo-pfcp/+/31260 )

Change subject: clarify API doc for osmo_pfcp_endpoint_tx()
......................................................................

clarify API doc for osmo_pfcp_endpoint_tx()

I recently discovered some use-after-free in osmo-upf by wrong API usage
of osmo_pfcp_endpoint_tx(). Highlight this pitfall in API doc.

Change-Id: I637e7bb5d1296b5ad8db8ab0b8151fdbb9e7be03
---
M src/libosmo-pfcp/pfcp_endpoint.c
1 file changed, 6 insertions(+), 1 deletion(-)

Approvals:
  laforge: Looks good to me, approved
  pespin: Looks good to me, but someone else must approve
  Jenkins Builder: Verified



diff --git a/src/libosmo-pfcp/pfcp_endpoint.c b/src/libosmo-pfcp/pfcp_endpoint.c
index 83a689f..7e08d8e 100644
--- a/src/libosmo-pfcp/pfcp_endpoint.c
+++ b/src/libosmo-pfcp/pfcp_endpoint.c
@@ -326,7 +326,12 @@
  * Store the message in the local message queue for possible retransmissions.
  * On success, return zero, and pass ownership of m to ep. ep deallocates m 
when all retransmissions are done / a reply
  * has been received.
- * On error, return nonzero, and immediately deallocate m. */
+ * On error, return nonzero, and immediately deallocate m.
+ *
+ * WARNING: Do not access the osmo_pfcp_msg m after calling this function! In 
most cases, m will still remain allocated,
+ * and accessing it will work, but especially when an error occurs, m will be 
deallocated immediately. Hence, you will
+ * see no problem during normal successful operation, but your program will 
crash with use-after-free on any error!
+ */
 int osmo_pfcp_endpoint_tx(struct osmo_pfcp_endpoint *ep, struct osmo_pfcp_msg 
*m)
 {
        struct osmo_pfcp_ie_node_id *node_id;
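
Review bot: The WARNING paragraph added above osmo_pfcp_endpoint_tx() tells callers what not to do but not what to do instead. Suggest one more sentence stating that ownership of m passes to ep on every return path, so anything the caller still needs from m has to be copied out before the call, and that the caller must not free m itself on a nonzero return, since the function has already deallocated it. The wording "In most cases, m will still remain allocated, and accessing it will work" can also be read as permission on the success path, although the unchanged lines above say ep deallocates m once retransmissions are done or a reply has been received; phrasing it as "m may be deallocated at any time after this call" would close that gap.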

--
To view, visit https://gerrit.osmocom.org/c/libosmo-pfcp/+/31260

Gerrit-Project: libosmo-pfcp
Gerrit-Branch: master
Gerrit-Change-Id: I637e7bb5d1296b5ad8db8ab0b8151fdbb9e7be03
Gerrit-Change-Number: 31260
Gerrit-PatchSet: 2
Gerrit-Owner: neels <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <[email protected]>
Gerrit-Reviewer: neels <[email protected]>
Gerrit-Reviewer: pespin <[email protected]>
Gerrit-MessageType: merged
