fixeria submitted this change.



2 is the latest approved patch-set.
No files were changed between the latest approved patch-set and the submitted one.

Approvals: laforge: Looks good to me, approved; Jenkins Builder: Verified
server: fix NULL deref of file_hdr_msg when store is disabled

When a connection has storing disabled (no store), conn->file_hdr_msg
is never populated. The previous link-header handling skipped the
first branch (gated on conn->store) and fell through to the comparison
branch, which dereferenced the still-NULL conn->file_hdr_msg, crashing
the server on the first PKT_LINK_HDR from such a client.

Gate the whole header tracking on conn->store and simply free the
message when not storing, since osmo_pcap_conn_restart_trace() already
no-ops in that case.

Change-Id: I419e1b66d07307c3e49294984887c153cd8494c3
AI-Assisted: yes (Claude)
---
M src/osmo_server_network.c
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/osmo_server_network.c b/src/osmo_server_network.c
index 81ad74e..37a5b03 100644
--- a/src/osmo_server_network.c
+++ b/src/osmo_server_network.c
@@ -166,7 +166,10 @@
if ((rc = validate_link_hdr(conn, data)) < 0)
return rc;

- if (conn->store && !conn->wrf) {
+ if (!conn->store) {
+ /* Not storing to a file: no link header to track or compare. */
+ msgb_free(msg);
+ } else if (!conn->wrf) {
/* First received link hdr in conn */
update_conn_file_hdr_msg(conn, msg);
} else if (msgb_l2len(conn->file_hdr_msg) != msgb_l2len(msg) ||

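Review bot: the `else if (msgb_l2len(conn->file_hdr_msg) != msgb_l2len(msg) || ...` comparison branch still dereferences conn->file_hdr_msg unconditionally, now reachable whenever conn->store && conn->wrf; that is only safe if a write file (conn->wrf) can never be open before update_conn_file_hdr_msg() has run. If any path, e.g. osmo_pcap_conn_restart_trace() or a reconnect, can open conn->wrf before the first PKT_LINK_HDR arrives, the original crash is still reachable through this branch, so consider either checking `!conn->file_hdr_msg` alongside `!conn->wrf` in the second condition or asserting the invariant in a comment. Also, the new `if (!conn->store)` branch frees msg and then falls through to whatever follows this chain (not shown in the hunk); please confirm nothing after it, including the return path, touches msg, and it would be worth adding a test that sends PKT_LINK_HDR from a client with storing disabled, since that is exactly the case the commit message says crashed the server.
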
Gerrit-MessageType: merged
Gerrit-Project: osmo-pcap
Gerrit-Branch: master
Gerrit-Change-Id: I419e1b66d07307c3e49294984887c153cd8494c3
Gerrit-Change-Number: 42848
Gerrit-PatchSet: 3
Gerrit-Owner: fixeria <vyanitskiy@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <vyanitskiy@sysmocom.de>
Gerrit-Reviewer: laforge <laforge@osmocom.org>
Gerrit-Reviewer: pespin <pespin@sysmocom.de>