<p>laforge <strong>merged</strong> this change.</p><p><a href="https://gerrit.osmocom.org/c/osmo-hlr/+/14925">View Change</a></p><div style="white-space:pre-wrap">Approvals:
  Jenkins Builder: Verified
  pespin: Looks good to me, but someone else must approve
  laforge: Looks good to me, approved

</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">hlr_ussd.c: rx_proc_ss_req(): fix NULL pointer dereference<br><br>The SS payload is mandatory for GSUP PROC_SS_{REQ,RSP} messages<br>with session state BEGIN or CONTINUE, and optional for the END.<br><br>Make sure that it's present for both BEGIN and CONTINUE, consider<br>received message as incorrect otherwise. In case of the END, call<br>handle_ussd() / handle_ss() only if SS payload is present.<br><br>Change-Id: Ia71cabbf396bd1388e764a1749e953ac1782e307<br>Fixes: CID#188841<br>---<br>M src/hlr_ussd.c<br>1 file changed, 16 insertions(+), 6 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/hlr_ussd.c b/src/hlr_ussd.c</span><br><span>index 773c571..1568815 100644</span><br><span>--- a/src/hlr_ussd.c</span><br><span>+++ b/src/hlr_ussd.c</span><br><span>@@ -519,6 +519,11 @@</span><br><span>                      /* FIXME: Send a Reject component? */</span><br><span>                        goto out_err;</span><br><span>                }</span><br><span style="color: hsl(120, 100%, 40%);">+     } else if (gsup->session_state != OSMO_GSUP_SESSION_STATE_END) {</span><br><span style="color: hsl(120, 100%, 40%);">+           LOGP(DSS, LOGL_ERROR, "%s/0x%082x: Missing SS payload for '%s'\n",</span><br><span style="color: hsl(120, 100%, 40%);">+               gsup->imsi, gsup->session_id,</span><br><span style="color: hsl(120, 100%, 40%);">+                   osmo_gsup_session_state_name(gsup->session_state));</span><br><span style="color: hsl(120, 100%, 40%);">+           goto out_err;</span><br><span>        }</span><br><span> </span><br><span>        switch (gsup->session_state) {</span><br><span>@@ -606,13 +611,18 @@</span><br><span>                            gsup->imsi, gsup->session_id);</span><br><span>                         goto out_err;</span><br><span>                }</span><br><span style="color: hsl(0, 100%, 40%);">-  
             if (ss_op_is_ussd(req.opcode)) {</span><br><span style="color: hsl(0, 100%, 40%);">-                        /* dispatch unstructured SS to routing */</span><br><span style="color: hsl(0, 100%, 40%);">-                       handle_ussd(conn, ss, gsup, &req);</span><br><span style="color: hsl(0, 100%, 40%);">-          } else {</span><br><span style="color: hsl(0, 100%, 40%);">-                        /* dispatch non-call SS to internal code */</span><br><span style="color: hsl(0, 100%, 40%);">-                     handle_ss(ss, gsup, &req);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+              /* SS payload is optional for END */</span><br><span style="color: hsl(120, 100%, 40%);">+          if (gsup->ss_info && gsup->ss_info_len) {</span><br><span style="color: hsl(120, 100%, 40%);">+                       if (ss_op_is_ussd(req.opcode)) {</span><br><span style="color: hsl(120, 100%, 40%);">+                              /* dispatch unstructured SS to routing */</span><br><span style="color: hsl(120, 100%, 40%);">+                             handle_ussd(conn, ss, gsup, &req);</span><br><span style="color: hsl(120, 100%, 40%);">+                        } else {</span><br><span style="color: hsl(120, 100%, 40%);">+                              /* dispatch non-call SS to internal code */</span><br><span style="color: hsl(120, 100%, 40%);">+                           handle_ss(ss, gsup, &req);</span><br><span style="color: hsl(120, 100%, 40%);">+                        }</span><br><span>            }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span>          ss_session_free(ss);</span><br><span>                 break;</span><br><span>       default:</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/c/osmo-hlr/+/14925">change 14925</a>. 
</p>
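<p>Review bot: In the first hunk (@@ -519,6 +519,11 @@) the added LOGP format string is "%s/0x%082x", which asks for a zero-padded field 82 characters wide for gsup-&gt;session_id; "%08x" looks like what was intended, so that "Missing SS payload" lines stay readable and greppable by session ID. The new branch also leaves through goto out_err right below the existing "FIXME: Send a Reject component?" comment, so the same open question applies to it: a BEGIN or CONTINUE without SS payload is logged, and a short comment on what, if anything, the peer is told would help the next reader.</p>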
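<p>Review bot: In the second hunk (@@ -606,13 +611,18 @@) an END without SS payload now skips both handle_ussd() and handle_ss() and falls through to ss_session_free(ss) without any log line, so the session disappears silently; a LOGL_DEBUG or LOGL_INFO message in that path, carrying the same IMSI and session ID prefix as the other messages, would make it traceable. The guard "if (gsup-&gt;ss_info &amp;&amp; gsup-&gt;ss_info_len)" is also what keeps ss_op_is_ussd(req.opcode) from being evaluated when there was no payload to decode, and the comment "SS payload is optional for END" could say so, since that is the reason the check must stay in front of both handlers.</p>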

<div style="display:none"> Gerrit-Project: osmo-hlr </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: Ia71cabbf396bd1388e764a1749e953ac1782e307 </div>
<div style="display:none"> Gerrit-Change-Number: 14925 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: fixeria &lt;axilirator@gmail.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins Builder </div>
<div style="display:none"> Gerrit-Reviewer: fixeria &lt;axilirator@gmail.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: laforge &lt;laforge@gnumonks.org&gt; </div>
<div style="display:none"> Gerrit-Reviewer: pespin &lt;pespin@sysmocom.de&gt; </div>
<div style="display:none"> Gerrit-MessageType: merged </div>