Change in ...osmo-ggsn[master]: gtp_update_pdp_ind(): fix NULL-pointer dereference

laforge gerrit-no-reply at lists.osmocom.org
Mon Sep 2 09:03:44 UTC 2019


laforge has submitted this change and it was merged. ( https://gerrit.osmocom.org/c/osmo-ggsn/+/15367 )

Change subject: gtp_update_pdp_ind(): fix NULL-pointer dereference
......................................................................

gtp_update_pdp_ind(): fix NULL-pointer dereference

As stated in the comment above, we need to use the tunnel identifier
to find a GTP context, and derive both IMSI and NSAPI from that TID,
when speaking GTP version 0.

This change fixes the following warnings (found with Clang):

  gtp.c:2115:22: warning: variable 'pdp' is uninitialized
			  when used here [-Wuninitialized]
		 pdp_set_imsi_nsapi(pdp, tid);
				    ^^^

  gtp.c:2118:34: warning: variable 'imsi' is uninitialized
			  when used here [-Wuninitialized]
		 if (gtp_pdp_getimsi(gsn, &pdp, imsi, nsapi))
						^^^^

  gtp.c:2118:40: warning: variable 'nsapi' is uninitialized
			  when used here [-Wuninitialized]
		 if (gtp_pdp_getimsi(gsn, &pdp, imsi, nsapi))
						      ^^^^^

Change-Id: I8f1c8d0ba2e8189d97fe1bb5c872680e5ad1cd7a
---
M gtp/gtp.c
1 file changed, 4 insertions(+), 5 deletions(-)

Approvals:
  pespin: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/gtp/gtp.c b/gtp/gtp.c
index 88248d1..7cb82b6 100644
--- a/gtp/gtp.c
+++ b/gtp/gtp.c
@@ -2084,12 +2084,8 @@
 	/* For GTP1 we must use imsi and nsapi if imsi is present. Otherwise */
 	/* we have to use the tunnel endpoint identifier */
 	if (version == 0) {
-		uint64_t tid = be64toh(((union gtp_packet *)pack)->gtp0.h.tid);
-
-		pdp_set_imsi_nsapi(pdp, tid);
-
 		/* Find the context in question */
-		if (gtp_pdp_getimsi(gsn, &pdp, imsi, nsapi)) {
+		if (gtp_pdp_tidget(gsn, &pdp, get_tid(pack))) {
 			gsn->err_unknownpdp++;
 			GTP_LOGPKG(LOGL_ERROR, peer, pack,
 				    len, "Unknown PDP context\n");
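
Review bot: get_tid(pack) in the new lookup condition is evaluated a second time by the pdp_set_imsi_nsapi() call added in the next hunk; a local such as `uint64_t tid = get_tid(pack);` at the top of the version == 0 branch, where the removed declaration stood, would read the header once and make it plain that both uses refer to the same value. The comment above the branch still speaks only of GTP1 and IMSI/NSAPI, so a short comment saying that GTPv0 contexts are looked up by TID would help the next reader.
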
@@ -2097,6 +2093,9 @@
 						   len, NULL,
 						   GTPCAUSE_NON_EXIST);
 		}
+
+		/* Update IMSI and NSAPI */
+		pdp_set_imsi_nsapi(pdp, get_tid(pack));
 	} else if (version == 1) {
 		/* NSAPI (mandatory) */
 		if (gtpie_gettv1(ie, GTPIE_NSAPI, 0, &nsapi)) {
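
Review bot: the added pdp_set_imsi_nsapi(pdp, get_tid(pack)) after the closing brace hands pdp on to be written, so it is only safe if the failed-lookup branch above leaves the function; the visible context shows just the tail of a call ending in GTPCAUSE_NON_EXIST, so please confirm that statement is a return. Since the context was just found by this same TID, the comment "Update IMSI and NSAPI" could also say why the two fields need rewriting at this point.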

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-ggsn/+/15367
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-ggsn
Gerrit-Branch: master
Gerrit-Change-Id: I8f1c8d0ba2e8189d97fe1bb5c872680e5ad1cd7a
Gerrit-Change-Number: 15367
Gerrit-PatchSet: 2
Gerrit-Owner: fixeria <axilirator at gmail.com>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <axilirator at gmail.com>
Gerrit-Reviewer: laforge <laforge at gnumonks.org>
Gerrit-Reviewer: pespin <pespin at sysmocom.de>
Gerrit-MessageType: merged