Change in libosmocore[master]: osmo-sim-test: check tlv_parsed struct tp before access

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

laforge gerrit-no-reply at lists.osmocom.org
Wed Mar 4 20:49:13 UTC 2020


laforge has submitted this change. ( https://gerrit.osmocom.org/c/libosmocore/+/17269 )

Change subject: osmo-sim-test: check tlv_parsed struct tp before access
......................................................................

osmo-sim-test: check tlv_parsed struct tp before access

The variable struct tlv_parsed tp in dump_file() conditionally
initalized by tlv_parse() but later it is accessed under a different
condition without a check that makes sure that tp is only accessed when
tlv_parse() was called beforehand. Lets introduce a check that makes
sure tp can not be accessed when it is uninitalized.

Change-Id: I6b0209b966127a4195e6f4bcb43d49387c7646ce
Fixes: CID#208435
---
M utils/osmo-sim-test.c
1 file changed, 8 insertions(+), 4 deletions(-)

Approvals:
  laforge: Looks good to me, approved
  pespin: Looks good to me, but someone else must approve
  Jenkins Builder: Verified



diff --git a/utils/osmo-sim-test.c b/utils/osmo-sim-test.c
index d33f1ba..27de0bc 100644
--- a/utils/osmo-sim-test.c
+++ b/utils/osmo-sim-test.c
@@ -378,11 +378,15 @@
 		}
 		break;
 	case EF_TYPE_TRANSP:
-		if (!TLVP_PRESENT(&tp, UICC_FCP_T_FILE_SIZE))
+		if (g_class != 0xA0) {
+			if (!TLVP_PRESENT(&tp, UICC_FCP_T_FILE_SIZE))
+				goto out;
+			i = ntohs(*(uint16_t *)TLVP_VAL(&tp, UICC_FCP_T_FILE_SIZE));
+			printf("File size: %d bytes\n", i);
+		} else {
+			printf("Can not determine file size, invalid EF-type!\n");
 			goto out;
-		i = ntohs(*(uint16_t *)TLVP_VAL(&tp, UICC_FCP_T_FILE_SIZE));
-		printf("File size: %d bytes\n", i);
-
+		}
 		for (offset = 0; offset < i-1; ) {
 			uint16_t remain_len = i - offset;
 			uint16_t read_len = OSMO_MIN(remain_len, 256);

-- 
To view, visit https://gerrit.osmocom.org/c/libosmocore/+/17269
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: I6b0209b966127a4195e6f4bcb43d49387c7646ce
Gerrit-Change-Number: 17269
Gerrit-PatchSet: 5
Gerrit-Owner: dexter <pmaier at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <laforge at osmocom.org>
Gerrit-Reviewer: pespin <pespin at sysmocom.de>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20200304/1fc01dc5/attachment.htm>


More information about the gerrit-log mailing list