This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Max gerrit-no-reply at lists.osmocom.orgReview at https://gerrit.osmocom.org/1959 Check for proper lapdm_datalink entity Previously lapdm_datalink->entity->mode was dereferenced without checking if correct entity is present. This might lead to segfault. Check it explicitly before dereferencing, log error and gracefully return if necessary. Change-Id: I0361e3731e86712b415a370cab1128d611988f56 Related: OS#1898 --- M src/gsm/lapdm.c 1 file changed, 8 insertions(+), 2 deletions(-) git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/59/1959/1 diff --git a/src/gsm/lapdm.c b/src/gsm/lapdm.c index fa7769b..30a3f70 100644 --- a/src/gsm/lapdm.c +++ b/src/gsm/lapdm.c @@ -852,10 +852,16 @@ struct abis_rsl_rll_hdr *rllh = msgb_l2(msg); uint8_t chan_nr = rllh->chan_nr; uint8_t link_id = rllh->link_id; - int ui_bts = (le->mode == LAPDM_MODE_BTS && (link_id & 0x40)); uint8_t sapi = link_id & 7; struct tlv_parsed tv; - int length; + int length, ui_bts; + + if (!le) { + LOGP(DLLAPD, LOGL_ERROR, "lapdm_datalink without entity error\n"); + msgb_free(msg); + return -EBADR; + } + ui_bts = (le->mode == LAPDM_MODE_BTS && (link_id & 0x40)); /* check if the layer3 message length exceeds N201 */ -- To view, visit https://gerrit.osmocom.org/1959 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I0361e3731e86712b415a370cab1128d611988f56 Gerrit-PatchSet: 1 Gerrit-Project: libosmocore Gerrit-Branch: master Gerrit-Owner: Max <msuraev at sysmocom.de>
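Review bot: In the added `if (!le)` block of the hunk at @@ -852, the error log carries no context about which link hit the problem. `chan_nr` and `link_id` are already read from `rllh` a few lines above, so including them in the `LOGP` message would make the error traceable to a specific channel. Two smaller points on the same block: `-EBADR` is a Linux-specific errno value, so if the other error paths in this function return something like `-EINVAL`, matching them would be more portable and consistent; and since this path calls `msgb_free(msg)` before returning, it is worth confirming that this matches the ownership convention of the function's other early returns, so the caller does not free or reuse `msg` again. The commit message describes the problem generally as `lapdm_datalink->entity->mode` being dereferenced unchecked, while the hunk guards only this one site, so other users of the entity pointer in lapdm.c may need the same check.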