laforge has submitted this change. ( https://gerrit.osmocom.org/c/libosmo-sigtran/+/40298?usp=email )
Change subject: sccp_scoc.c: validate success of sua_addr_parse() ......................................................................
sccp_scoc.c: validate success of sua_addr_parse()
Related: Coverity CID#523214 Change-Id: I008ee6f9024247c14d986a2baba061cc12bf68ec --- M src/sccp_scoc.c 1 file changed, 29 insertions(+), 5 deletions(-)
Approvals: Jenkins Builder: Verified laforge: Looks good to me, approved osmith: Looks good to me, but someone else must approve
diff --git a/src/sccp_scoc.c b/src/sccp_scoc.c
index 4e390af..c122ce4 100644
--- a/src/sccp_scoc.c
+++ b/src/sccp_scoc.c
@@ -916,8 +916,14 @@
 //udisp->in_sequence_control;
 if (xua) {
 udisp->cause = xua_msg_get_u32(xua, SUA_IEI_CAUSE);
- if (xua_msg_find_tag(xua, SUA_IEI_SRC_ADDR))
- sua_addr_parse(&udisp->responding_addr, xua, SUA_IEI_SRC_ADDR);
+ if (xua_msg_find_tag(xua, SUA_IEI_SRC_ADDR)) {
+ if (sua_addr_parse(&udisp->responding_addr, xua, SUA_IEI_SRC_ADDR) < 0) {
+ LOGPSCC(conn, LOGL_ERROR, "XUA Message %s without valid SRC_ADDR\n",
+ xua_hdr_dump(xua, &xua_dialect_sua));
+ talloc_free(scu_prim->oph.msg);
+ return;
+ }
+ }
 data_ie = xua_msg_find_tag(xua, SUA_IEI_DATA);
 udisp->importance = xua_msg_get_u32(xua, SUA_IEI_IMPORTANCE);
 if (data_ie) {
@@ -1035,11 +1041,16 @@
 case SCOC_E_RCOC_CONN_IND:
 xua = data;
 /* copy relevant parameters from xua to conn */
- sua_addr_parse(&conn->calling_addr, xua, SUA_IEI_SRC_ADDR);
- sua_addr_parse(&conn->called_addr, xua, SUA_IEI_DEST_ADDR);
 conn->remote_ref = xua_msg_get_u32(xua, SUA_IEI_SRC_REF);
 conn->sccp_class = xua_msg_get_u32(xua, SUA_IEI_PROTO_CLASS) & 3;
 conn->importance = xua_msg_get_u32(xua, SUA_IEI_IMPORTANCE);
+
+ rc = sua_addr_parse(&conn->calling_addr, xua, SUA_IEI_SRC_ADDR);
+ if (rc < 0) {
+ LOGPSCC(conn, LOGL_ERROR, "XUA Message %s without valid SRC_ADDR\n",
+ xua_hdr_dump(xua, &xua_dialect_sua));
+ goto refuse_destroy_conn;
+ }
 /* 3.1.6.1 The originating node of the CR message
 * (identified by the OPC in the calling party address
 * or by default by the OPC in the MTP label, [and the
@@ -1052,12 +1063,24 @@
 conn->remote_pc = xua->mtp.opc;
 }
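Review bot: The new failure branch under `if (xua_msg_find_tag(xua, SUA_IEI_SRC_ADDR))` frees `scu_prim->oph.msg` and returns, so a peer that sends a malformed source address suppresses the whole primitive rather than only the responding address. If this branch builds a disconnect indication, as the `udisp` fields suggest, the SCCP user would never be told the connection ended and could keep its per-connection state. Consider logging and continuing with the address cleared, e.g. `memset(&udisp->responding_addr, 0, sizeof(udisp->responding_addr));` in place of the `talloc_free()` and `return;`. The enclosing function starts and ends outside this hunk, so what the caller does after the early return cannot be checked from here.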
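Review bot: The `goto refuse_destroy_conn` after a failed SRC_ADDR parse is taken before the `conn->remote_pc` assignment that follows the 3.1.6.1 comment, so the refusal is built from a connection whose `calling_addr` was rejected and whose `remote_pc` may not be set. Whether `xua_gen_encode_and_send()` can route a COREF in that state is not visible here. If it depends on either field, set a fallback first, e.g. `conn->remote_pc = xua->mtp.opc;` before the `goto`, and clear `conn->calling_addr` so that no partially parsed address is reused. The case body continues outside this hunk.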
+ rc = sua_addr_parse(&conn->called_addr, xua, SUA_IEI_DEST_ADDR); + if (rc < 0) { + LOGPSCC(conn, LOGL_ERROR, "XUA Message %s without valid DEST_ADDR\n", + xua_hdr_dump(xua, &xua_dialect_sua)); + goto refuse_destroy_conn; + } + osmo_fsm_inst_state_chg(fi, S_CONN_PEND_IN, 0, 0); /* N-CONNECT.ind to User */ scu_gen_encode_and_send(conn, event, xua, OSMO_SCU_PRIM_N_CONNECT, PRIM_OP_INDICATION); break; } + return; + +refuse_destroy_conn: + xua_gen_encode_and_send(conn, event, NULL, SUA_CO_COREF); + osmo_fsm_inst_state_chg(fi, S_IDLE, 0, 0); }
static void scoc_fsm_idle_onenter(struct osmo_fsm_inst *fi, uint32_t old_state)
@@ -1405,7 +1428,8 @@
 S(SCOC_E_RCOC_RLSD_IND) |
 S(SCOC_E_RCOC_REL_COMPL_IND) |
 S(SCOC_E_RCOC_OTHER_NPDU),
- .out_state_mask = S(S_CONN_PEND_OUT) |
+ .out_state_mask = S(S_IDLE) |
+ S(S_CONN_PEND_OUT) |
 S(S_CONN_PEND_IN),
 },
 [S_CONN_PEND_IN] = {
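Review bot: The `refuse_destroy_conn:` label promises destruction, but the two lines under it only send `SUA_CO_COREF` and request a state change to `S_IDLE`; nothing in the hunk frees `conn`. If the release is meant to happen in `scoc_fsm_idle_onenter()` (its signature is the last context line), say so at the label, e.g. `/* re-entering S_IDLE runs scoc_fsm_idle_onenter(), which is expected to release conn */`. Also check the return value of `osmo_fsm_inst_state_chg()`, since a rejected transition would leave the half-initialised connection allocated. This path only works together with the `S(S_IDLE)` bit added to `.out_state_mask` in the last hunk, which also makes every other S_IDLE self-transition legal. The added `LOGPSCC(..., LOGL_ERROR, ...)` calls in this hunk and in the two earlier ones fire on peer-controlled input, so a lower log level or rate limiting may be worth considering.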