[PATCH] openbsc[master]: sndcp: fixup for coverity scan defect CID 149097

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

dexter gerrit-no-reply at lists.osmocom.org
Fri Nov 25 14:38:23 UTC 2016


Review at  https://gerrit.osmocom.org/1279

sndcp: fixup for coverity scan defect CID 149097

Coverity scan detects a Null pointer deref (FORWARD_NULL) in
gprs_sndcp_comp.c: 67 in gprs_sndcp_comp_create().

The reason for this is that gprs_sndcp_dcomp_init() and also
gprs_sndcp_pcomp_init() rely on the comp_entity->algo algo
flag. If the program logic is correct a null pointer deref
should never occur.

This commit adds OSMO_ASSERT() statements to ensure a null
pointer deref is catched if if the ...comp_init() functions
are used with incorrect parameters.

Change-Id: I7748f06d1739a697edad5100a031e5aa1ef11ed1
---
M openbsc/src/gprs/gprs_sndcp_dcomp.c
M openbsc/src/gprs/gprs_sndcp_pcomp.c
2 files changed, 2 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/openbsc refs/changes/79/1279/1

diff --git a/openbsc/src/gprs/gprs_sndcp_dcomp.c b/openbsc/src/gprs/gprs_sndcp_dcomp.c
index 489106b..b0f95b4 100644
--- a/openbsc/src/gprs/gprs_sndcp_dcomp.c
+++ b/openbsc/src/gprs/gprs_sndcp_dcomp.c
@@ -84,6 +84,7 @@
 
 	if (comp_entity->compclass == SNDCP_XID_DATA_COMPRESSION
 	    && comp_entity->algo == V42BIS) {
+		OSMO_ASSERT(comp_field->v42bis_params);
 		comp_entity->state =
 		    v42bis_init(ctx, NULL, comp_field->v42bis_params->p0,
 				comp_field->v42bis_params->p1,
diff --git a/openbsc/src/gprs/gprs_sndcp_pcomp.c b/openbsc/src/gprs/gprs_sndcp_pcomp.c
index 493b263..a2236c3 100644
--- a/openbsc/src/gprs/gprs_sndcp_pcomp.c
+++ b/openbsc/src/gprs/gprs_sndcp_pcomp.c
@@ -54,6 +54,7 @@
 
 	if (comp_entity->compclass == SNDCP_XID_PROTOCOL_COMPRESSION
 	    && comp_entity->algo == RFC_1144) {
+		OSMO_ASSERT(comp_field->rfc1144_params);
 		comp_entity->state =
 		    slhc_init(ctx, comp_field->rfc1144_params->s01 + 1,
 			      comp_field->rfc1144_params->s01 + 1);

-- 
To view, visit https://gerrit.osmocom.org/1279
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I7748f06d1739a697edad5100a031e5aa1ef11ed1
Gerrit-PatchSet: 1
Gerrit-Project: openbsc
Gerrit-Branch: master
Gerrit-Owner: dexter <pmaier at sysmocom.de>



More information about the gerrit-log mailing list