From cad54b8fb7b0eaec12ee13a5b5cc9ef920152fd2 Mon Sep 17 00:00:00 2001 From: Andreas Eversberg Date: Tue, 9 Jul 2013 20:25:24 +0200 Subject: LAPD: Free resume/re-establishment msgb if it carries no content lapdm.c takes the re-establishment message and forwards it to lapd_core.c, so we can assume that msgb is set at primitive. In case there is data in the re-establishment msg, it is moved into send_buffer. In case of no data (0 length), it must be freed. Fixes an issue spotted by Coverity Scan. --- src/gsm/lapd_core.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'src/gsm') diff --git a/src/gsm/lapd_core.c b/src/gsm/lapd_core.c index 68b5e784..3288ee86 100644 --- a/src/gsm/lapd_core.c +++ b/src/gsm/lapd_core.c @@ -1962,11 +1962,14 @@ static int lapd_res_req(struct osmo_dlsap_prim *dp, struct lapd_msg_ctx *lctx) if (dl->send_buffer) msgb_free(dl->send_buffer); dl->send_out = 0; - if (msg && msg->len) + if (msg->len) { /* Write data into the send buffer, to be sent first */ dl->send_buffer = msg; - else + } else { + msgb_free(msg); + msg = NULL; dl->send_buffer = NULL; + } /* Discard partly received L3 message */ if (dl->rcv_buffer) { -- cgit v1.2.3