Change in osmo-bsc[master]: gsm_08_08: fix NULL pointer dereference in bsc_cm_update()

fixeria gerrit-no-reply at lists.osmocom.org
Wed Dec 2 10:46:01 UTC 2020


fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-bsc/+/21454 )


Change subject: gsm_08_08: fix NULL pointer dereference in bsc_cm_update()
......................................................................

gsm_08_08: fix NULL pointer dereference in bsc_cm_update()

MS Classmark 3 is optional, and thus can be NULL.

Change-Id: I4f1455a3db4972ea9843564b590e405c51083b47
Fixes: I39ae439d05562b35b2e47774dc92f8789fea1a57
Fixes: CID#215593 "Explicit null dereferenced"
---
M src/osmo-bsc/gsm_08_08.c
1 file changed, 9 insertions(+), 7 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-bsc refs/changes/54/21454/1

diff --git a/src/osmo-bsc/gsm_08_08.c b/src/osmo-bsc/gsm_08_08.c
index 9c5cf2f..52a92c8 100644
--- a/src/osmo-bsc/gsm_08_08.c
+++ b/src/osmo-bsc/gsm_08_08.c
@@ -603,13 +603,15 @@
 	}
 	conn_update_ms_power_class(conn, rc8);
 
-        rc = gsm48_decode_classmark3(&conn->cm3, cm3, cm3_len);
-	if (rc < 0) {
-		LOGP(DMSC, LOGL_NOTICE, "Unable to decode classmark3 during CM Update.\n");
-		memset(&conn->cm3, 0, sizeof(conn->cm3));
-		conn->cm3_valid = false;
-	} else
-		conn->cm3_valid = true;
+	if (cm3 != NULL && cm3_len > 0) {
+		rc = gsm48_decode_classmark3(&conn->cm3, cm3, cm3_len);
+		if (rc < 0) {
+			LOGP(DMSC, LOGL_NOTICE, "Unable to decode classmark3 during CM Update.\n");
+			memset(&conn->cm3, 0, sizeof(conn->cm3));
+			conn->cm3_valid = false;
+		} else
+			conn->cm3_valid = true;
+	}
 
 	if (!msc_connected(conn))
 		return;
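
Review bot: the new `if (cm3 != NULL && cm3_len > 0)` guard has no else branch, so when Classmark 3 is absent `conn->cm3` and `conn->cm3_valid` keep whatever an earlier update left there. If a stale Classmark 3 should not outlive an update that omits it, add an else arm that does the same `memset(&conn->cm3, 0, sizeof(conn->cm3));` and sets `conn->cm3_valid = false;`. If keeping the previous value is intended, a short comment saying so would help. Minor style point: the inner `} else` arm is unbraced while its `if` arm is braced, and bracing both would be more consistent.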

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-bsc/+/21454
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-bsc
Gerrit-Branch: master
Gerrit-Change-Id: I4f1455a3db4972ea9843564b590e405c51083b47
Gerrit-Change-Number: 21454
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria <vyanitskiy at sysmocom.de>
Gerrit-MessageType: newchange