Change in osmo-sgsn[master]: sgsn: subscriber: Avoid calling memcpy with NULL src

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Pau Espin Pedrol gerrit-no-reply at lists.osmocom.org
Tue Jul 17 16:26:56 UTC 2018


Pau Espin Pedrol has uploaded this change for review. ( https://gerrit.osmocom.org/10030 )


Change subject: sgsn: subscriber: Avoid calling memcpy with NULL src
......................................................................

sgsn: subscriber: Avoid calling memcpy with NULL src

Fixes: OS#3389

Change-Id: I2d1c01ed8b8d2233ced6d70972183ed4fc99007a
---
M src/gprs/gprs_subscriber.c
M src/gprs/sgsn_libgtp.c
2 files changed, 22 insertions(+), 11 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-sgsn refs/changes/30/10030/1

diff --git a/src/gprs/gprs_subscriber.c b/src/gprs/gprs_subscriber.c
index 1bebc65..dfd697b 100644
--- a/src/gprs/gprs_subscriber.c
+++ b/src/gprs/gprs_subscriber.c
@@ -374,7 +374,11 @@
 		pdp_data->pdp_type = pdp_info->pdp_type;
 		osmo_apn_to_str(pdp_data->apn_str,
 				pdp_info->apn_enc, pdp_info->apn_enc_len);
-		memcpy(pdp_data->qos_subscribed, pdp_info->qos_enc, pdp_info->qos_enc_len);
+
+		if (pdp_info->qos_enc) {
+			memcpy(&pdp_data->qos_subscribed[0], pdp_info->qos_enc,
+			       pdp_info->qos_enc_len);
+		}
 		pdp_data->qos_subscribed_len = pdp_info->qos_enc_len;
 
 		if (pdp_info->pdp_charg_enc && pdp_info->pdp_charg_enc_len >= sizeof(pdp_data->pdp_charg)) {
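Review bot: The new `if (pdp_info->qos_enc)` guard tests only the pointer, while `pdp_data->qos_subscribed_len = pdp_info->qos_enc_len;` right after it still runs unconditionally, so a NULL `qos_enc` paired with a non-zero `qos_enc_len` leaves a length that describes bytes that were never copied. Setting `qos_subscribed_len` to 0 in an else branch would keep the length and the buffer consistent. The visible lines also show no comparison of `qos_enc_len` against `sizeof(pdp_data->qos_subscribed)` before the memcpy, whereas the `pdp_charg` handling on the following context line does compare against its destination size; if that bound is not enforced earlier in the function, it should be checked here as well.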
diff --git a/src/gprs/sgsn_libgtp.c b/src/gprs/sgsn_libgtp.c
index 659392e..23b8811 100644
--- a/src/gprs/sgsn_libgtp.c
+++ b/src/gprs/sgsn_libgtp.c
@@ -198,18 +198,25 @@
 	pdp->eua.v[0] |= 0xf0;
 
 	/* APN name from GMM */
-	pdp->apn_use.l = TLVP_LEN(tp, GSM48_IE_GSM_APN);
-	if (pdp->apn_use.l > sizeof(pdp->apn_use.v))
-		pdp->apn_use.l = sizeof(pdp->apn_use.v);
-	memcpy(pdp->apn_use.v, TLVP_VAL(tp, GSM48_IE_GSM_APN),
-		pdp->apn_use.l);
+	if (TLVP_PRESENT(tp, GSM48_IE_GSM_APN)) {
+		pdp->apn_use.l = TLVP_LEN(tp, GSM48_IE_GSM_APN);
+		if (pdp->apn_use.l > sizeof(pdp->apn_use.v))
+			pdp->apn_use.l = sizeof(pdp->apn_use.v);
+		memcpy(pdp->apn_use.v, TLVP_VAL(tp, GSM48_IE_GSM_APN), pdp->apn_use.l);
+	} else {
+		pdp->apn_use.l = 0;
+	}
 
 	/* Protocol Configuration Options from GMM */
-	pdp->pco_req.l = TLVP_LEN(tp, GSM48_IE_GSM_PROTO_CONF_OPT);
-	if (pdp->pco_req.l > sizeof(pdp->pco_req.v))
-		pdp->pco_req.l = sizeof(pdp->pco_req.v);
-	memcpy(pdp->pco_req.v, TLVP_VAL(tp, GSM48_IE_GSM_PROTO_CONF_OPT),
-		pdp->pco_req.l);
+	if (TLVP_PRESENT(tp, GSM48_IE_GSM_PROTO_CONF_OPT)) {
+		pdp->pco_req.l = TLVP_LEN(tp, GSM48_IE_GSM_PROTO_CONF_OPT);
+		if (pdp->pco_req.l > sizeof(pdp->pco_req.v))
+			pdp->pco_req.l = sizeof(pdp->pco_req.v);
+		memcpy(pdp->pco_req.v, TLVP_VAL(tp, GSM48_IE_GSM_PROTO_CONF_OPT),
+		       pdp->pco_req.l);
+	} else {
+		pdp->pco_req.l = 0;
+	}
 
 	/* QoS options from GMM or remote */
 	if (TLVP_LEN(tp, OSMO_IE_GSM_SUB_QOS) > 0) {
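Review bot: The APN and PCO branches now repeat the same sequence (TLVP_PRESENT check, clamp to sizeof, memcpy, else set `.l = 0`), so a small static helper taking the destination and the IE tag would keep the two in step and make it harder to forget the guard on the next IE. The clamp `if (pdp->apn_use.l > sizeof(pdp->apn_use.v))` and its PCO twin truncate silently; a log line at that point would make an oversized IE visible. The trailing context line `if (TLVP_LEN(tp, OSMO_IE_GSM_SUB_QOS) > 0) {` tests length rather than presence, so the function ends up with two idioms for the same question, and the commit subject mentions only "subscriber" although this file changes too; a sentence in the commit message on the absent-IE case would document that.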

-- 
To view, visit https://gerrit.osmocom.org/10030
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-sgsn
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2d1c01ed8b8d2233ced6d70972183ed4fc99007a
Gerrit-Change-Number: 10030
Gerrit-PatchSet: 1
Gerrit-Owner: Pau Espin Pedrol <pespin at sysmocom.de>