[PATCH] libosmocore[master]: lapd_core: Fix crash in lapd_est_req() function

2017-09-01 Thread Ivan Kluchnikov
Hello Jenkins Builder,

I'd like you to reexamine a change.  Please visit

https://gerrit.osmocom.org/3467

to look at the new patch set (#2).

lapd_core: Fix crash in lapd_est_req() function

The lapd_est_req() function could be called on an uninitialized lapd link
(before lapd_dl_init() and after lapd_dl_exit()) due to invalid usage at
higher levels.
In order to prevent use of an uninitialized lapd link, we should set the
LAPD_STATE_NULL state for the lapd_datalink in the lapd_dl_exit() function.
So all messages for a lapd_datalink in the null state will be left
unhandled by lapd_recv_dlsap(), and lapd_est_req() will not be called
before lapd_dl_init(), where the lapd link state is changed to idle.

 #0  0x7f46ecd99aa5 in lapd_est_req (dp=, lctx=0x7f46ed80b8b8) at lapd_core.c:1769
 #1  0x7f46ecd9dda8 in rslms_rx_rll_est_req (msg=msg@entry=0x7f46eeab4940, dl=dl@entry=0x7f46ed80b888) at lapdm.c:845
 #2  0x7f46ecd9fc03 in rslms_rx_rll (lc=0x7f46ed80b398, msg=0x7f46eeab4940) at lapdm.c:1157
 #3  lapdm_rslms_recvmsg (msg=0x7f46eeab4940, lc=0x7f46ed80b398) at lapdm.c:1223
 #4  0x7f46ed63773d in rsl_rx_rll (msg=, trx=) at rsl.c:2178
 #5  down_rsl (trx=, msg=) at rsl.c:2541
 #6  0x7f46ed641529 in sign_link_cb (msg=) at abis.c:169
 #7  0x7f46ec54b111 in ipaccess_bts_read_cb (link=0x7f46eeab4940, msg=0x0) at input/ipaccess.c:807
 #8  0x7f46ec548a8e in ipa_client_read (link=0x7f46ee26ae30) at input/ipa.c:74
 #9  ipa_client_fd_cb (ofd=, what=1) at input/ipa.c:137
 #10 0x7f46ecfc726f in osmo_fd_disp_fds (_eset=0x7ffe7a9fcd20, _wset=0x7ffe7a9fcca0, _rset=0x7ffe7a9fcc20) at select.c:167
 #11 osmo_select_main (polling=polling@entry=0) at select.c:207
 #12 0x7f46ed63fc25 in bts_main (argc=5, argv=) at main.c:359
 #13 0x7f46ebd76f45 in __libc_start_main (main=0x7f46ed61b120 , argc=5, argv=0x7ffe7a9fcf18, init=, fini=, rtld_fini=,
 #14 0x7f46ed61b14e in _start ()

Related: OS#1982
Change-Id: I306dad9b78e3becaef14c5305ec25c312feefe3c
---
M src/gsm/lapd_core.c
1 file changed, 4 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/67/3467/2

diff --git a/src/gsm/lapd_core.c b/src/gsm/lapd_core.c
index 166bf9a..6b58006 100644
--- a/src/gsm/lapd_core.c
+++ b/src/gsm/lapd_core.c
@@ -326,6 +326,10 @@
 {
/* free all ressources except history buffer */
lapd_dl_reset(dl);
+
+   /* enter null state */
+   lapd_dl_newstate(dl, LAPD_STATE_NULL);
+
/* free history buffer list */
talloc_free(dl->tx_hist);
dl->tx_hist = NULL;
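Review bot: this hunk only handles the lapd_dl_exit() path, while the commit message also names calls made before lapd_dl_init() as a trigger; for that case the state field must already read as LAPD_STATE_NULL, which holds only if whoever allocates the struct lapd_datalink zero-initializes it. Please state that assumption in the commit message (or have lapd_dl_init() documented as the only transition out of NULL, with callers forbidden from dispatching into the link before it). The placement of `lapd_dl_newstate(dl, LAPD_STATE_NULL);` after `lapd_dl_reset(dl);` and before `talloc_free(dl->tx_hist);` is sensible, since the link is still fully intact when the state change is logged.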

-- 
To view, visit https://gerrit.osmocom.org/3467
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I306dad9b78e3becaef14c5305ec25c312feefe3c
Gerrit-PatchSet: 2
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Owner: Ivan Kluchnikov 
Gerrit-Reviewer: Alexander Chemeris 
Gerrit-Reviewer: Harald Welte 
Gerrit-Reviewer: Holger Freyther 
Gerrit-Reviewer: Ivan Kluchnikov 
Gerrit-Reviewer: Jenkins Builder


[PATCH] libosmocore[master]: lapd_core: Fix crash in lapd_est_req() function

2017-08-10 Thread Ivan Kluchnikov

Review at  https://gerrit.osmocom.org/3467

lapd_core: Fix crash in lapd_est_req() function

The lapd_est_req() function could be called on an uninitialized lapd link
(before lapd_dl_init() and after lapd_dl_exit()) due to invalid usage at
higher levels.
In order to prevent use of an uninitialized lapd link, we should set the
LAPD_STATE_NULL state for the lapd_datalink in the lapd_dl_exit() function.
So all messages for a lapd_datalink in the null state will be left
unhandled by lapd_recv_dlsap(), and lapd_est_req() will not be called
before lapd_dl_init(), where the lapd link state is changed to idle.

Change-Id: I306dad9b78e3becaef14c5305ec25c312feefe3c
Related: OS#1982
---
M src/gsm/lapd_core.c
1 file changed, 4 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/67/3467/1

diff --git a/src/gsm/lapd_core.c b/src/gsm/lapd_core.c
index 166bf9a..6b58006 100644
--- a/src/gsm/lapd_core.c
+++ b/src/gsm/lapd_core.c
@@ -326,6 +326,10 @@
 {
/* free all ressources except history buffer */
lapd_dl_reset(dl);
+
+   /* enter null state */
+   lapd_dl_newstate(dl, LAPD_STATE_NULL);
+
/* free history buffer list */
talloc_free(dl->tx_hist);
dl->tx_hist = NULL;
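Review bot: the commit message relies on lapd_recv_dlsap() leaving primitives unhandled while the link is in LAPD_STATE_NULL, but nothing in this hunk adds or references that check, so a reviewer cannot confirm the fix from the diff alone. Please cite where NULL-state messages are rejected, or add an explicit guard at the crash site itself, lapd_est_req() at lapd_core.c:1769 (frame #0 in the backtrace), so the library fails closed even when a higher layer misorders lapd_dl_init() and lapd_dl_exit() rather than depending on the dispatch layer to filter.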

-- 

Gerrit-MessageType: newchange
Gerrit-Change-Id: I306dad9b78e3becaef14c5305ec25c312feefe3c
Gerrit-PatchSet: 1
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Owner: Ivan Kluchnikov