[PATCH] osmo-mgw[master]: osmux: fix nullpointer dereference

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

dexter gerrit-no-reply at lists.osmocom.org
Tue Nov 7 11:30:54 UTC 2017


Review at  https://gerrit.osmocom.org/4711

osmux: fix nullpointer dereference

In point_lookup() the connection pointer is determined using
mgcp_conn_get_rtp(). This function may return 0. At the moment
there are no nullpointer checks implemented.

Add checks to test for nullpointer.

This fixes CID 178662

Change-Id: If9a3c1ac002bc8adc90ca1c1c3dd1db4feea07ac
---
M src/libosmo-mgcp/mgcp_osmux.c
1 file changed, 10 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/osmo-mgw refs/changes/11/4711/1

diff --git a/src/libosmo-mgcp/mgcp_osmux.c b/src/libosmo-mgcp/mgcp_osmux.c
index 60ffe06..09b2636 100644
--- a/src/libosmo-mgcp/mgcp_osmux.c
+++ b/src/libosmo-mgcp/mgcp_osmux.c
@@ -207,12 +207,18 @@
 		case MGCP_DEST_NET:
 			/* FIXME: Get rid of CONN_ID_XXX! */
 			conn_net = mgcp_conn_get_rtp(endp, CONN_ID_NET);
-			this = &conn_net->end.addr;
+			if (conn_net)
+				this = &conn_net->end.addr;
+			else
+				this = NULL;
 			break;
 		case MGCP_DEST_BTS:
 			/* FIXME: Get rid of CONN_ID_XXX! */
 			conn_bts = mgcp_conn_get_rtp(endp, CONN_ID_BTS);
-			this = &conn_bts->end.addr;
+			if (conn_bts)
+				this = &conn_bts->end.addr;
+			else
+				this = NULL;
 			break;
 		default:
 			/* Should not ever happen */
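
Review bot: In both the MGCP_DEST_NET and MGCP_DEST_BTS cases a failed lookup is only recorded as `this = NULL`, so the fix depends on every later use of `this` being guarded. The condition in the next hunk does check it, but any use of `this` added later between the switch and that condition would bring the crash back. Consider skipping the endpoint at the point where mgcp_conn_get_rtp() returns NULL, so nothing downstream has to re-check. If the NULL value is kept, the four-line if/else in each case can be written as `this = conn_net ? &conn_net->end.addr : NULL;` (and the same for conn_bts), which keeps the two cases short and symmetric.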
@@ -222,7 +228,8 @@
 
 		/* FIXME: Get rid of CONN_ID_XXX! */
 		conn_net = mgcp_conn_get_rtp(endp, CONN_ID_NET);
-		if (conn_net->osmux.cid == cid && this->s_addr == from_addr->s_addr)
+		if (conn_net && this && conn_net->osmux.cid == cid
+		    && this->s_addr == from_addr->s_addr)
 			return endp;
 	}
 
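
Review bot: The NULL check on conn_net in the final condition guards a second call to mgcp_conn_get_rtp(endp, CONN_ID_NET), the same lookup already made and checked in the MGCP_DEST_NET case of the switch above, so for that destination the pointer is fetched and tested twice. Doing the CONN_ID_NET lookup once before the switch and bailing out of this endpoint if it is NULL would remove the duplicate and leave the condition as the original single-line comparison with only `this` to guard. As written, an endpoint with a missing connection is skipped silently. A short comment saying when a NULL connection is expected here, or a debug log, would tell a reader whether this is a normal state or a symptom of something else. Minor style point: the wrapped condition starts its continuation line with `&&`. Check that this matches the project's convention for where the operator goes on a broken line.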

-- 
To view, visit https://gerrit.osmocom.org/4711

Gerrit-MessageType: newchange
Gerrit-Change-Id: If9a3c1ac002bc8adc90ca1c1c3dd1db4feea07ac
Gerrit-PatchSet: 1
Gerrit-Project: osmo-mgw
Gerrit-Branch: master
Gerrit-Owner: dexter <pmaier at sysmocom.de>
