<p>pespin has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.osmocom.org/c/libosmo-sccp/+/16895">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">sccp: Fix null ptr access on malformed or unsupported msg received<br><br>Detected while running a TTCN3 sending malformed SCCP message in<br>SCCP_Tests_RAW.ttcn:<br><br>sccp_user.c:174:12: runtime error: member access within null pointer of type 'struct xua_msg'<br>ASAN:DEADLYSIGNAL<br>=================================================================<br>==6==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7f2a11f93c5c bp 0x7ffefcf05c50 sp 0x7ffefcf05c10 T0)<br> #0 0x7f2a11f93c5b in mtp_user_prim_cb /tmp/libosmo-sccp/src/sccp_user.c:174<br> #1 0x7f2a11fb48f9 in deliver_to_mtp_user /tmp/libosmo-sccp/src/osmo_ss7_hmrt.c:94<br> #2 0x7f2a11fb4c8a in hmdt_message_for_distribution /tmp/libosmo-sccp/src/osmo_ss7_hmrt.c:133<br> #3 0x7f2a11fb5c90 in m3ua_hmdc_rx_from_l2 /tmp/libosmo-sccp/src/osmo_ss7_hmrt.c:275<br> #4 0x7f2a11f6f5c2 in m3ua_rx_xfer /tmp/libosmo-sccp/src/m3ua.c:586<br> #5 0x7f2a11f70480 in m3ua_rx_msg /tmp/libosmo-sccp/src/m3ua.c:739<br> #6 0x7f2a11faee35 in xua_srv_conn_cb /tmp/libosmo-sccp/src/osmo_ss7.c:1623<br> #7 0x7f2a0f46d082 (/usr/lib/x86_64-linux-gnu/libosmonetif.so.8+0xb082)<br> #8 0x7f2a1186c0be (/usr/lib/x86_64-linux-gnu/libosmocore.so.12+0xc0be)<br> #9 0x7f2a1186c735 in osmo_select_main (/usr/lib/x86_64-linux-gnu/libosmocore.so.12+0xc735)<br> #10 0x557378718219 in main /tmp/libosmo-sccp/examples/sccp_demo_user.c:264<br> #11 0x7f2a105ad2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)<br> #12 0x557378717059 in _start (/usr/local/bin/sccp_demo_user+0x6059)<br><br>Change-Id: Idafa8c9693d98ecd214b62155372e4db69e2a4a4<br>---<br>M src/sccp_user.c<br>1 file changed, 6 insertions(+), 0 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.osmocom.org:29418/libosmo-sccp refs/changes/95/16895/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/sccp_user.c b/src/sccp_user.c</span><br><span>index 9df5817..386f424 100644</span><br><span>--- a/src/sccp_user.c</span><br><span>+++ b/src/sccp_user.c</span><br><span>@@ -171,6 +171,12 @@</span><br><span> case OSMO_PRIM(OSMO_MTP_PRIM_TRANSFER, PRIM_OP_INDICATION):</span><br><span> /* Convert from SCCP to SUA in xua_msg format */</span><br><span> xua = osmo_sccp_to_xua(oph->msg);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!xua) {</span><br><span style="color: hsl(120, 100%, 40%);">+ LOGP(DLSCCP, LOGL_ERROR, "Couldn't convert SCCP to SUA: %s\n",</span><br><span style="color: hsl(120, 100%, 40%);">+ msgb_hexdump(oph->msg));</span><br><span style="color: hsl(120, 100%, 40%);">+ rc = -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ break;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span> xua->mtp = omp->u.transfer;</span><br><span> /* hand this primitive into SCCP via the SCRC code */</span><br><span> rc = scrc_rx_mtp_xfer_ind_xua(inst, xua);</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/c/libosmo-sccp/+/16895">change 16895</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/c/libosmo-sccp/+/16895"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: libosmo-sccp </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: Idafa8c9693d98ecd214b62155372e4db69e2a4a4 </div>
<div style="display:none"> Gerrit-Change-Number: 16895 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: pespin <pespin@sysmocom.de> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>