From c78b8dda5611cdb639c24a5f2ef13f71325a6ea6 Mon Sep 17 00:00:00 2001
From: Guido Casati <guido.casati@firecell.io>
Date: Wed, 24 Jul 2024 10:29:02 +0200
Subject: [PATCH] Fix memory leak in PDU Session Setup Request

* fill_DRB_configList_e1 is filling `DRB_configList->list` then passing to PDCP
* the contents of the struct are allocated but seem not to be freed
* the following mem leak was detected by ASAN

```
Direct leak of 32 byte(s) in 1 object(s) allocated from:
   *0 0x7ffff74b4c38 in __interceptor_realloc /src/libsanitizer/asan/asan_malloc_linux.cpp:164
   *1 0x55555caa6a3e in asn_set_add /cmake_targets/ran_build/build/openair2/RRC/LTE/MESSAGES/asn_SET_OF.c:27
   *2 0x55555c8b8bb6 in fill_DRB_configList_e1 /openair2/LAYER2/nr_pdcp/cucp_cuup_handler.c:42
   *3 0x55555c8be6eb in e1_bearer_context_setup /openair2/LAYER2/nr_pdcp/cucp_cuup_handler.c:189
   *4 0x55555d329668 in cucp_cuup_bearer_context_setup_direct /openair2/RRC/NR/cucp_cuup_direct.c:31
   *5 0x55555b9a2c37 in trigger_bearer_setup /openair2/RRC/NR/rrc_gNB_NGAP.c:437
   *6 0x55555b9b54bf in rrc_gNB_process_NGAP_PDUSESSION_SETUP_REQ /openair2/RRC/NR/rrc_gNB_NGAP.c:830
   *7 0x55555b936871 in rrc_gnb_task /openair2/RRC/NR/rrc_gNB.c:2428
   *8 0x7ffff5e94ac2 in start_thread nptl/pthread_create.c:442
```

* using ASN_STRUCT_RESET to free the memory used by the members of the structure
  without freeing the structure itself, which is allocated on the stack
---
 openair2/LAYER2/nr_pdcp/cucp_cuup_handler.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/openair2/LAYER2/nr_pdcp/cucp_cuup_handler.c b/openair2/LAYER2/nr_pdcp/cucp_cuup_handler.c
index 414edb052b6..0cccdbcb6cc 100644
--- a/openair2/LAYER2/nr_pdcp/cucp_cuup_handler.c
+++ b/openair2/LAYER2/nr_pdcp/cucp_cuup_handler.c
@@ -196,6 +196,7 @@ void e1_bearer_context_setup(const e1ap_bearer_setup_req_t *req)
                      cu_up_ue_id,
                      &DRB_configList,
                      &security_parameters);
+    ASN_STRUCT_RESET(asn_DEF_NR_DRB_ToAddModList, &DRB_configList.list);
     if (f1inst >= 0) { /* we have F1(-U) */
       teid_t dummy_teid = 0xffff; // we will update later with answer from DU
       in_addr_t dummy_address = {0}; // IPv4, updated later with answer from DU
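Review bot: The added `ASN_STRUCT_RESET` call passes `&DRB_configList.list`, while the descriptor `asn_DEF_NR_DRB_ToAddModList` describes the enclosing structure, so the free/reset only behaves correctly if `list` sits at offset 0 of that type. That is presumably true for the asn1c-generated layout, but it is safer to pass the object itself: `ASN_STRUCT_RESET(asn_DEF_NR_DRB_ToAddModList, &DRB_configList);`. The body of e1_bearer_context_setup starts and ends outside this hunk, so please also confirm that nothing later in the function reads `DRB_configList`, and that the call just above does not keep pointers to the list entries, since either would turn the leak into a use-after-free. A short comment on the new line, such as `/* entries were heap-allocated by fill_DRB_configList_e1; the callee copies what it needs */`, would record the ownership assumption once it is verified.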
-- 
GitLab