laforge gerrit-no-reply at lists.osmocom.orglaforge has submitted this change and it was merged. ( https://gerrit.osmocom.org/c/osmo-hlr/+/14925 ) Change subject: hlr_ussd.c: rx_proc_ss_req(): fix NULL pointer dereference ...................................................................... hlr_ussd.c: rx_proc_ss_req(): fix NULL pointer dereference The SS payload is mandatory for GSUP PROC_SS_{REQ,RSP} messages with session state BEGIN or CONTINUE, and optional for the END. Make sure that it's present for both BEGIN and CONTINUE, consider received message as incorrect otherwise. In case of the END, call handle_ussd() / handle_ss() only if SS payload is present. Change-Id: Ia71cabbf396bd1388e764a1749e953ac1782e307 Fixes: CID#188841 --- M src/hlr_ussd.c 1 file changed, 16 insertions(+), 6 deletions(-) Approvals: Jenkins Builder: Verified pespin: Looks good to me, but someone else must approve laforge: Looks good to me, approved diff --git a/src/hlr_ussd.c b/src/hlr_ussd.c index 773c571..1568815 100644 --- a/src/hlr_ussd.c +++ b/src/hlr_ussd.c @@ -519,6 +519,11 @@ /* FIXME: Send a Reject component? */ goto out_err; } + } else if (gsup->session_state != OSMO_GSUP_SESSION_STATE_END) { + LOGP(DSS, LOGL_ERROR, "%s/0x%082x: Missing SS payload for '%s'\n", + gsup->imsi, gsup->session_id, + osmo_gsup_session_state_name(gsup->session_state)); + goto out_err; } switch (gsup->session_state) { 
@@ -606,13 +611,18 @@ gsup->imsi, gsup->session_id); goto out_err; } - if (ss_op_is_ussd(req.opcode)) { - /* dispatch unstructured SS to routing */ - handle_ussd(conn, ss, gsup, &req); - } else { - /* dispatch non-call SS to internal code */ - handle_ss(ss, gsup, &req); + + /* SS payload is optional for END */ + if (gsup->ss_info && gsup->ss_info_len) { + if (ss_op_is_ussd(req.opcode)) { + /* dispatch unstructured SS to routing */ + handle_ussd(conn, ss, gsup, &req); + } else { + /* dispatch non-call SS to internal code */ + handle_ss(ss, gsup, &req); + } } + ss_session_free(ss); break; default: -- To view, visit https://gerrit.osmocom.org/c/osmo-hlr/+/14925 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-hlr Gerrit-Branch: master Gerrit-Change-Id: Ia71cabbf396bd1388e764a1749e953ac1782e307 Gerrit-Change-Number: 14925 Gerrit-PatchSet: 1 Gerrit-Owner: fixeria <axilirator at gmail.com> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria <axilirator at gmail.com> Gerrit-Reviewer: laforge <laforge at gnumonks.org> Gerrit-Reviewer: pespin <pespin at sysmocom.de> Gerrit-MessageType: merged -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20190724/4becfb29/attachment.htm>
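Review bot: in the first hunk (@@ -519,6 +519,11), the new LOGP() format string prints gsup->session_id with "0x%082x", which asks for a zero-padded field 82 characters wide; "0x%08x" looks like what was meant. If the neighbouring log calls in this file use the same specifier, they are worth fixing in the same pass. The new else branch is also only correct if the enclosing if (not visible in this hunk) tests payload presence and nothing else. A one-line comment above it saying the SS payload is mandatory for BEGIN and CONTINUE would match the "SS payload is optional for END" comment added in the second hunk.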
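Review bot: in the second hunk (@@ -606,13 +611,18), the guard "if (gsup->ss_info && gsup->ss_info_len)" is what protects the read of req.opcode, so it has to stay identical to the condition under which req was filled in earlier in rx_proc_ss_req(). Setting one local flag where the payload is decoded and testing that flag here would keep the two sites from drifting apart. Separately, an END without SS payload now goes straight to ss_session_free(ss) with no trace; a LOGL_DEBUG line with gsup->imsi and gsup->session_id on that path would make such session terminations visible in the logs.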