Max gerrit-no-reply at lists.osmocom.org
Max has submitted this change and it was merged.
Change subject: Check for proper lapdm_datalink entity
......................................................................
Check for proper lapdm_datalink entity
Previously lapdm_datalink->entity->mode was dereferenced without
checking if correct entity is present. This might lead to
segfault. Check it explicitly before dereferencing, log error and
gracefully return if necessary.
Change-Id: I0361e3731e86712b415a370cab1128d611988f56
Related: OS#1898
---
M src/gsm/lapdm.c
1 file changed, 8 insertions(+), 2 deletions(-)
Approvals:
Neels Hofmeyr: Looks good to me, approved
Jenkins Builder: Verified
diff --git a/src/gsm/lapdm.c b/src/gsm/lapdm.c
index fa7769b..1fdf311 100644
--- a/src/gsm/lapdm.c
+++ b/src/gsm/lapdm.c
@@ -852,10 +852,16 @@
struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
uint8_t chan_nr = rllh->chan_nr;
uint8_t link_id = rllh->link_id;
- int ui_bts = (le->mode == LAPDM_MODE_BTS && (link_id & 0x40));
uint8_t sapi = link_id & 7;
struct tlv_parsed tv;
- int length;
+ int length, ui_bts;
+
+ if (!le) {
+ LOGP(DLLAPD, LOGL_ERROR, "lapdm_datalink without entity error\n");
+ msgb_free(msg);
+ return -EMLINK;
+ }
+ ui_bts = (le->mode == LAPDM_MODE_BTS && (link_id & 0x40));
/* check if the layer3 message length exceeds N201 */
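Review bot: the `return -EMLINK;` in the new `if (!le)` branch reports a missing entity with the errno that POSIX defines as "too many links", so a caller or log reader cannot tell this failure apart from a genuine link-count error. Consider a code that describes the condition, such as -EINVAL, or add a comment saying why EMLINK was chosen. The LOGP message in the same branch would also be easier to act on if it printed chan_nr and link_id, both of which are already in scope at that point, so the offending datalink can be identified from the log alone.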
--
To view, visit https://gerrit.osmocom.org/1959
Gerrit-MessageType: merged
Gerrit-Change-Id: I0361e3731e86712b415a370cab1128d611988f56
Gerrit-PatchSet: 3
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Owner: Max <msuraev at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Max <msuraev at sysmocom.de>
Gerrit-Reviewer: Neels Hofmeyr <nhofmeyr at sysmocom.de>