[MERGED] libosmocore[master]: tlv_put: guard against NULL val and 0 len

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Neels Hofmeyr gerrit-no-reply at lists.osmocom.org
Mon Nov 20 16:23:09 UTC 2017


Neels Hofmeyr has submitted this change and it was merged.

Change subject: tlv_put: guard against NULL val and 0 len
......................................................................


tlv_put: guard against NULL val and 0 len

For example encode_auth_info() from gsup.c calls
  msgb_tlv_put(msg, iei, 0, NULL)
to put a tag and len with content data following later.

However, this would cause a memcpy() from a NULL pointer, in tlv_put(). Allow
passing NULL and len = 0 for cases like the above:

If val is NULL, use memset(0) instead of memcpy().
If len is zero, do not copy nor memset anything.

Hence make tlv_put() behave in a well-defined and valid way for any and all
input args; no negative fallout is possible from this patch.

Add proper API doc comment.

Fixes a sanitizer build failure in gsup_test:

  ../../../../src/libosmocore/include/osmocom/gsm/tlv.h:99:2: runtime error: null pointer passed as argument 2, which is declared to never be null

Helps fix sanitizer build on debian 9.

Change-Id: I13dce9cd1228817890d3e81edeeb660c893c1d64
---
M include/osmocom/gsm/tlv.h
1 file changed, 13 insertions(+), 2 deletions(-)

Approvals:
  Harald Welte: Looks good to me, approved



diff --git a/include/osmocom/gsm/tlv.h b/include/osmocom/gsm/tlv.h
index 5bf4a87..8654893 100644
--- a/include/osmocom/gsm/tlv.h
+++ b/include/osmocom/gsm/tlv.h
@@ -90,13 +90,24 @@
 	return buf + len;
 }
 
-/*! put (append) a TLV field */
+/*! Append a TLV field, a Tag-Length-Value field.
+ * \param[out] buf  Location in a buffer to append TLV at.
+ * \param[in] tag  Tag id to write.
+ * \param[in] len  Length field to write and amount of bytes to append.
+ * \param[in] val  Pointer to data to append, or NULL to append zero data.
+ * Always append tag and length. Append \a len bytes read from \a val. If val is NULL, append \a len zero
+ * bytes instead. If \a len is zero, do not append any data apart from tag and length. */
 static inline uint8_t *tlv_put(uint8_t *buf, uint8_t tag, uint8_t len,
 				const uint8_t *val)
 {
 	*buf++ = tag;
 	*buf++ = len;
-	memcpy(buf, val, len);
+	if (len) {
+		if (val)
+			memcpy(buf, val, len);
+		else
+			memset(buf, 0, len);
+	}
 	return buf + len;
 }
 

-- 
To view, visit https://gerrit.osmocom.org/4874
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I13dce9cd1228817890d3e81edeeb660c893c1d64
Gerrit-PatchSet: 3
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder



More information about the gerrit-log mailing list