neels submitted this change.

View Change


Approvals: laforge: Looks good to me, but someone else must approve fixeria: Looks good to me, approved pespin: Looks good to me, approved Jenkins Builder: Verified 
ranap_rab_ass: be sure to initialize memory with 0

When we use the ASN.1 decoder functions, we often reserve some memory on
the stack to store the results. (e.g. RANAP_RAB_xy_t _RANAP_RAB_xy;).
Then we assign the memory location to a pointer variable (e.g.
RANAP_RAB_xy = &_RANAP_RAB_xy). We do this for cosmetic reasons but we
may end up with an uninitialized buffer, which may cause trouble
lateron. Let's be consistent and make sure that those buffers are
initialized with zeros.

Change-Id: I7a8a951ccd8c9ae3923261468c0755192894a84b
---
M src/osmo-hnbgw/ranap_rab_ass.c
1 file changed, 25 insertions(+), 11 deletions(-)

diff --git a/src/osmo-hnbgw/ranap_rab_ass.c b/src/osmo-hnbgw/ranap_rab_ass.c
index e8addcd..fe42803 100644
--- a/src/osmo-hnbgw/ranap_rab_ass.c
+++ b/src/osmo-hnbgw/ranap_rab_ass.c
@@ -41,11 +41,9 @@
 {
 	int rc;
 	struct msgb *msg;
-	RANAP_RAB_AssignmentRequest_t _rab_assignment_request;
+	RANAP_RAB_AssignmentRequest_t _rab_assignment_request = { 0 };
 	RANAP_RAB_AssignmentRequest_t *rab_assignment_request = &_rab_assignment_request;
 
-	memset(rab_assignment_request, 0, sizeof(*rab_assignment_request));
-
 	rc = ranap_encode_rab_assignmentrequesties(rab_assignment_request, rab_assignment_request_ies);
 	if (rc < 0)
 		return NULL;
@@ -72,11 +70,10 @@
 	int rc;
 	struct msgb *msg;
 
-	RANAP_RAB_AssignmentResponse_t _rab_assignment_response;
+	RANAP_RAB_AssignmentResponse_t _rab_assignment_response = { 0 };
 	RANAP_RAB_AssignmentResponse_t *rab_assignment_response = &_rab_assignment_response;
 
 	memset(data, 0, len);
-	memset(rab_assignment_response, 0, sizeof(*rab_assignment_response));
 
 	rc = ranap_encode_rab_assignmentresponseies(rab_assignment_response, rab_assignment_response_ies);
 	if (rc < 0)
@@ -315,7 +312,7 @@
 					    RANAP_RAB_AssignmentRequestIEs_t *ies, unsigned int index)
 {
 	RANAP_ProtocolIE_FieldPair_t *protocol_ie_field_pair;
-	RANAP_RAB_SetupOrModifyItemFirst_t _rab_setup_or_modify_item_first;
+	RANAP_RAB_SetupOrModifyItemFirst_t _rab_setup_or_modify_item_first = { 0 };
 	RANAP_RAB_SetupOrModifyItemFirst_t *rab_setup_or_modify_item_first = &_rab_setup_or_modify_item_first;
 	RANAP_TransportLayerAddress_t *trasp_layer_addr;
 	RANAP_IuTransportAssociation_t *transp_assoc;
@@ -384,7 +381,7 @@
  *  \returns 0 on success; negative on error. */
 int ranap_rab_ass_resp_ies_extract_inet_addr(struct osmo_sockaddr *addr, RANAP_RAB_AssignmentResponseIEs_t *ies, uint8_t rab_id)
 {
-	RANAP_RAB_SetupOrModifiedItemIEs_t _rab_setup_or_modified_items_ies;
+	RANAP_RAB_SetupOrModifiedItemIEs_t _rab_setup_or_modified_items_ies = { 0 };
 	RANAP_RAB_SetupOrModifiedItemIEs_t *rab_setup_or_modified_items_ies = &_rab_setup_or_modified_items_ies;
 	RANAP_RAB_SetupOrModifiedItem_t *rab_setup_or_modified_item;
 	uint16_t port;
@@ -436,7 +433,7 @@
 int ranap_rab_ass_req_ies_replace_inet_addr(RANAP_RAB_AssignmentRequestIEs_t *ies, struct osmo_sockaddr *addr, uint8_t rab_id)
 {
 	RANAP_ProtocolIE_FieldPair_t *protocol_ie_field_pair;
-	RANAP_RAB_SetupOrModifyItemFirst_t _rab_setup_or_modify_item_first;
+	RANAP_RAB_SetupOrModifyItemFirst_t _rab_setup_or_modify_item_first = { 0 };
 	RANAP_RAB_SetupOrModifyItemFirst_t *rab_setup_or_modify_item_first = &_rab_setup_or_modify_item_first;
 	RANAP_TransportLayerInformation_t *old_transport_layer_information = NULL;
 	RANAP_TransportLayerInformation_t *new_transport_layer_information = NULL;
@@ -506,7 +503,7 @@
 int ranap_rab_ass_resp_ies_replace_inet_addr(RANAP_RAB_AssignmentResponseIEs_t *ies, struct osmo_sockaddr *addr, uint8_t rab_id)
 {
 	RANAP_IE_t *setup_or_modified_list_ie;
-	RANAP_RAB_SetupOrModifiedItemIEs_t _rab_setup_or_modified_items_ies;
+	RANAP_RAB_SetupOrModifiedItemIEs_t _rab_setup_or_modified_items_ies = { 0 };
 	RANAP_RAB_SetupOrModifiedItemIEs_t *rab_setup_or_modified_items_ies = &_rab_setup_or_modified_items_ies;
 	RANAP_RAB_SetupOrModifiedItem_t *rab_setup_or_modified_item;
 	RANAP_TransportLayerInformation_t *temp_transport_layer_information = NULL;
@@ -575,7 +572,7 @@
  *  \returns true when RAB could be identified as failed; false otherwise */
 bool ranap_rab_ass_resp_ies_check_failure(RANAP_RAB_AssignmentResponseIEs_t *ies, uint8_t rab_id)
 {
-	RANAP_RAB_FailedItemIEs_t _rab_failed_items_ies;
+	RANAP_RAB_FailedItemIEs_t _rab_failed_items_ies = { 0 };
 	RANAP_RAB_FailedItemIEs_t *rab_failed_items_ies = &_rab_failed_items_ies;
 	int rc;
 
@@ -596,7 +593,7 @@
  *  \returns true when RAB is intended for release; false otherwise */
 bool ranap_rab_ass_req_ies_check_release(RANAP_RAB_AssignmentRequestIEs_t *ies, uint8_t rab_id)
 {
-	RANAP_RAB_ReleaseItemIEs_t _rab_release_items_ies;
+	RANAP_RAB_ReleaseItemIEs_t _rab_release_items_ies = { 0 };
 	RANAP_RAB_ReleaseItemIEs_t *rab_release_items_ies = &_rab_release_items_ies;
 	int rc;
 	bool result = true;

To view, visit change 33391. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: osmo-hnbgw
Gerrit-Branch: master
Gerrit-Change-Id: I7a8a951ccd8c9ae3923261468c0755192894a84b
Gerrit-Change-Number: 33391
Gerrit-PatchSet: 2
Gerrit-Owner: dexter <pmaier@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <vyanitskiy@sysmocom.de>
Gerrit-Reviewer: laforge <laforge@osmocom.org>
Gerrit-Reviewer: neels <nhofmeyr@sysmocom.de>
Gerrit-Reviewer: pespin <pespin@sysmocom.de>
Gerrit-MessageType: merged