[S] Change in osmo-ggsn[master]: gtp: SGSN Ctx: prevent a stack reference to be in **ie

lynxis lazus has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-ggsn/+/40641?usp=email ) Change subject: gtp: SGSN Ctx: prevent a stack reference to be in **ie ...................................................................... gtp: SGSN Ctx: prevent a stack reference to be in **ie Even the caller shouldn't re-use **ie after using it with sgsn_context_response, ensure there is no stack reference in **ie when returning. Related: Coverity CID#530774 Related: Coverity CID#530775 Fixes: d46d0cc36845 ("gtp: add support for SGSN Context Req/Resp/Ack") Change-Id: Ideca8beb21c6cce7104721b4d80854448baf6c4e --- M gtp/gtp.c 1 file changed, 15 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/41/40641/1 diff --git a/gtp/gtp.c b/gtp/gtp.c index fa65575..13b7de7 100644 --- a/gtp/gtp.c +++ b/gtp/gtp.c @@ -912,6 +912,11 @@ pack = &packet; pack += packet_len; rc = gtpie_encaps3(ie, GTPIE_SIZE, pack, GTP_MAX - packet_len, &encoded_len); + + /* Prevent a stack reference within **ie */ + ie[GTPIE_TEI_C] = NULL; + ie[GTPIE_GSN_ADDR] = NULL; + if (rc) return -EINVAL; @@ -954,6 +959,11 @@ pack = &packet; pack += packet_len; rc = gtpie_encaps3(ie, GTPIE_SIZE, pack, GTP_MAX - packet_len, &encoded_len); + + /* Prevent a stack reference within **ie */ + ie[GTPIE_TEI_C] = NULL; + ie[GTPIE_GSN_ADDR] = NULL; + if (rc) return -EINVAL; @@ -999,6 +1009,11 @@ pack += packet_len; rc = gtpie_encaps3(ie, GTPIE_SIZE, pack, GTP_MAX - packet_len, &encoded_len); + + /* Prevent a stack reference within **ie */ + ie[GTPIE_TEI_C] = NULL; + ie[GTPIE_GSN_ADDR] = NULL; + if (rc) return -EINVAL; -- To view, visit https://gerrit.osmocom.org/c/osmo-ggsn/+/40641?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Change-Id: Ideca8beb21c6cce7104721b4d80854448baf6c4e Gerrit-Change-Number: 40641 Gerrit-PatchSet: 1 Gerrit-Owner: lynxis lazus <lynxis(a)fe80.eu>