This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
dexter gerrit-no-reply at lists.osmocom.org

dexter has uploaded this change for review. ( https://gerrit.osmocom.org/12481

Change subject: gsm_04_08: Fix nullpointer deref
......................................................................

gsm_04_08: Fix nullpointer deref

The pointers conn, conn->vsub and conn->vsub->last_tuple are checked, but before the check those pointers are already dereferenced during assignment. This defeats the purpose of the check. Let's dereference those pointers after the check.

Fixes: CID#190404
Change-Id: Ice4992606f3799eac13154ec0b9f53e46d2e178e
---
M src/libmsc/gsm_04_08.c
1 file changed, 5 insertions(+), 2 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/81/12481/1

diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c index 7ff8681..d45de16 100644 --- a/src/libmsc/gsm_04_08.c +++ b/src/libmsc/gsm_04_08.c @@ -1596,12 +1596,12 @@ int ran_conn_geran_set_cipher_mode(struct ran_conn *conn, bool umts_aka, bool retrieve_imeisv) { - struct gsm_network *net = conn->network; + struct gsm_network *net; struct gsm0808_encrypt_info ei; int i, j = 0; int request_classmark = 0; int request_classmark_for_a5_n = 0; - struct vlr_auth_tuple *tuple = conn->vsub->last_tuple; + struct vlr_auth_tuple *tuple; if (!conn || !conn->vsub || !conn->vsub->last_tuple) { /* This should really never happen, because we checked this in msc_vlr_set_ciph_mode()
@@ -1610,6 +1610,9 @@ return -EINVAL; } + net = conn->network; + tuple = conn->vsub->last_tuple; + for (i = 0; i < 8; i++) { int supported;
--
To view, visit https://gerrit.osmocom.org/12481
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ice4992606f3799eac13154ec0b9f53e46d2e178e
Gerrit-Change-Number: 12481
Gerrit-PatchSet: 1
Gerrit-Owner: dexter <pmaier at sysmocom.de>
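
Review bot: `net` and `tuple` are left without an initializer in the declarations of the first hunk (`struct gsm_network *net;`, `struct vlr_auth_tuple *tuple;`), and the body of the `if (!conn || !conn->vsub || !conn->vsub->last_tuple)` error block is only partly visible in this diff. If anything in that block, for example a log statement, references either variable, it now reads an indeterminate value. Initializing both to NULL at the declaration would make such a mistake fail deterministically; otherwise please confirm that the block uses neither.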
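
Review bot: The assignments added in the second hunk after `return -EINVAL;` (`net = conn->network;` and `tuple = conn->vsub->last_tuple;`) carry no comment explaining why they are split from the declarations. A short comment stating that they must stay below the NULL check would keep a later cleanup from folding them back into initializers, which would reintroduce the dereference-before-check that this change fixes.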