Change in osmo-sgsn[master]: sgsn: cdr: Fix uninitialized string access if ggsn is dettached

[Pau Espin Pedrol]

Pau Espin Pedrol has uploaded this change for review. ( https://gerrit.osmocom.org/10029


Change subject: sgsn: cdr: Fix uninitialized string access if ggsn is dettached
......................................................................

sgsn: cdr: Fix uninitialized string access if ggsn is dettached

if pdp->ggsn==NULL, sgsn_addr was not initialized and caused asan report
during snprintf:

==19459==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffffffbe31 at pc 0x7ffff6e563fe bp 0x7fffffffb130 sp 0x7fffffffa8a8
READ of size 31 at 0x7fffffffbe31 thread T0
...
Address 0x7fffffffbe31 is located in stack of thread T0 at offset 337 in frame
    #0 0x55555573a7b0 in cdr_snprintf_pdp osmo-sgsn/src/gprs/sgsn_cdr.c:154
...
[320, 337) 'sgsn_addr' <== Memory access at offset 337 overflows this variable
...

Change-Id: I97bc56a4e3e76725eb2717b74b3ac125b68bbf0a
---
M src/gprs/sgsn_cdr.c
1 file changed, 1 insertion(+), 0 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-sgsn refs/changes/29/10029/1

diff --git a/src/gprs/sgsn_cdr.c b/src/gprs/sgsn_cdr.c
index 55aa664..7380e74 100644
--- a/src/gprs/sgsn_cdr.c
+++ b/src/gprs/sgsn_cdr.c
@@ -164,6 +164,7 @@
 
 	memset(apni, 0, sizeof(apni));
 	memset(ggsn_addr, 0, sizeof(ggsn_addr));
+	memset(sgsn_addr, 0, sizeof(sgsn_addr));
 	memset(eua_addr, 0, sizeof(eua_addr));
 
 

-- 
To view, visit https://gerrit.osmocom.org/10029
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-sgsn
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I97bc56a4e3e76725eb2717b74b3ac125b68bbf0a
Gerrit-Change-Number: 10029
Gerrit-PatchSet: 1
Gerrit-Owner: Pau Espin Pedrol <pespin at sysmocom.de>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20180717/e13f1a5b/attachment.htm>