neels has submitted this change. ( https://gerrit.osmocom.org/c/osmo-mgw/+/34997?usp=email )

Change subject: client: replace two assertions with graceful error handling ......................................................................

client: replace two assertions with graceful error handling

A user reports crashes of osmo-bsc upon EV_MDCX. It turns out that there is a lot of error reporting and a distinct possibility to get a NULL return value because of external input. Terminate the FSM instead.

FSM termination is the proper way to report a bad error, it signals the parent_term_evt to the FSM parent, which will then be able to act on the failed MGCP operation.

Related: SYS#6632 Change-Id: Ia5d8a9aff565399a85a5b116d7029fedcab234e0 --- M src/libosmo-mgcp-client/mgcp_client_fsm.c 1 file changed, 28 insertions(+), 2 deletions(-)

Approvals: laforge: Looks good to me, but someone else must approve neels: Looks good to me, approved fixeria: Looks good to me, but someone else must approve Jenkins Builder: Verified pespin: Looks good to me, but someone else must approve

diff --git a/src/libosmo-mgcp-client/mgcp_client_fsm.c b/src/libosmo-mgcp-client/mgcp_client_fsm.c index 660f0ad..432ad84 100644 --- a/src/libosmo-mgcp-client/mgcp_client_fsm.c +++ b/src/libosmo-mgcp-client/mgcp_client_fsm.c @@ -364,13 +364,21 @@ switch (event) { case EV_MDCX: msg = make_mdcx_msg(mgcp_ctx); - OSMO_ASSERT(msg); + if (!msg) { + /* make_mdcx_msg() should already have logged the error */ + osmo_fsm_inst_term(fi, OSMO_FSM_TERM_ERROR, NULL); + return; + } rc = mgcp_client_tx(mgcp, msg, mgw_mdcx_resp_cb, fi); new_state = ST_MDCX_RESP; break; case EV_DLCX: msg = make_dlcx_msg(mgcp_ctx); - OSMO_ASSERT(msg); + if (!msg) { + /* make_dlcx_msg() should already have logged the error */ + osmo_fsm_inst_term(fi, OSMO_FSM_TERM_ERROR, NULL); + return; + } rc = mgcp_client_tx(mgcp, msg, mgw_dlcx_resp_cb, fi); new_state = ST_DLCX_RESP; break;