[PATCH] osmo-mgw[master]: osmux: fix nullpointer dereference

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Neels Hofmeyr gerrit-no-reply at lists.osmocom.org
Fri Nov 10 21:29:58 UTC 2017


Hello Harald Welte, Jenkins Builder,

I'd like you to reexamine a change.  Please visit

    https://gerrit.osmocom.org/4711

to look at the new patch set (#3).

osmux: fix nullpointer dereference

in point_lookup() the connection pointer is determined using
mgcp_conn_get_rtp() this function may return 0. At the moment
there are no nullpointer checks implemented

Add checks to test for nullpointer.

Fixes: Coverity CID#178662
Change-Id: If9a3c1ac002bc8adc90ca1c1c3dd1db4feea07ac
---
M src/libosmo-mgcp/mgcp_osmux.c
1 file changed, 10 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/osmo-mgw refs/changes/11/4711/3

diff --git a/src/libosmo-mgcp/mgcp_osmux.c b/src/libosmo-mgcp/mgcp_osmux.c
index 60ffe06..09b2636 100644
--- a/src/libosmo-mgcp/mgcp_osmux.c
+++ b/src/libosmo-mgcp/mgcp_osmux.c
@@ -207,12 +207,18 @@
 		case MGCP_DEST_NET:
 			/* FIXME: Get rid of CONN_ID_XXX! */
 			conn_net = mgcp_conn_get_rtp(endp, CONN_ID_NET);
-			this = &conn_net->end.addr;
+			if (conn_net)
+				this = &conn_net->end.addr;
+			else
+				this = NULL;
 			break;
 		case MGCP_DEST_BTS:
 			/* FIXME: Get rid of CONN_ID_XXX! */
 			conn_bts = mgcp_conn_get_rtp(endp, CONN_ID_BTS);
-			this = &conn_bts->end.addr;
+			if (conn_bts)
+				this = &conn_bts->end.addr;
+			else
+				this = NULL;
 			break;
 		default:
 			/* Should not ever happen */
@@ -222,7 +228,8 @@
 
 		/* FIXME: Get rid of CONN_ID_XXX! */
 		conn_net = mgcp_conn_get_rtp(endp, CONN_ID_NET);
-		if (conn_net->osmux.cid == cid && this->s_addr == from_addr->s_addr)
+		if (conn_net && this && conn_net->osmux.cid == cid
+		    && this->s_addr == from_addr->s_addr)
 			return endp;
 	}
 

-- 
To view, visit https://gerrit.osmocom.org/4711
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: If9a3c1ac002bc8adc90ca1c1c3dd1db4feea07ac
Gerrit-PatchSet: 3
Gerrit-Project: osmo-mgw
Gerrit-Branch: master
Gerrit-Owner: dexter <pmaier at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder



More information about the gerrit-log mailing list