This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Pau Espin Pedrol gerrit-no-reply at lists.osmocom.orgPau Espin Pedrol has uploaded this change for review. ( https://gerrit.osmocom.org/10030 Change subject: sgsn: subscriber: Avoid calling memcpy with NULL src ...................................................................... sgsn: subscriber: Avoid calling memcpy with NULL src Fixes: OS#3389 Change-Id: I2d1c01ed8b8d2233ced6d70972183ed4fc99007a --- M src/gprs/gprs_subscriber.c M src/gprs/sgsn_libgtp.c 2 files changed, 22 insertions(+), 11 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-sgsn refs/changes/30/10030/1 diff --git a/src/gprs/gprs_subscriber.c b/src/gprs/gprs_subscriber.c index 1bebc65..dfd697b 100644 --- a/src/gprs/gprs_subscriber.c +++ b/src/gprs/gprs_subscriber.c @@ -374,7 +374,11 @@ pdp_data->pdp_type = pdp_info->pdp_type; osmo_apn_to_str(pdp_data->apn_str, pdp_info->apn_enc, pdp_info->apn_enc_len); - memcpy(pdp_data->qos_subscribed, pdp_info->qos_enc, pdp_info->qos_enc_len); + + if (pdp_info->qos_enc) { + memcpy(&pdp_data->qos_subscribed[0], pdp_info->qos_enc, + pdp_info->qos_enc_len); + } pdp_data->qos_subscribed_len = pdp_info->qos_enc_len; if (pdp_info->pdp_charg_enc && pdp_info->pdp_charg_enc_len >= sizeof(pdp_data->pdp_charg)) { diff --git a/src/gprs/sgsn_libgtp.c b/src/gprs/sgsn_libgtp.c index 659392e..23b8811 100644 --- a/src/gprs/sgsn_libgtp.c +++ b/src/gprs/sgsn_libgtp.c @@ -198,18 +198,25 @@ pdp->eua.v[0] |= 0xf0; /* APN name from GMM */ - pdp->apn_use.l = TLVP_LEN(tp, GSM48_IE_GSM_APN); - if (pdp->apn_use.l > sizeof(pdp->apn_use.v)) - pdp->apn_use.l = sizeof(pdp->apn_use.v); - memcpy(pdp->apn_use.v, TLVP_VAL(tp, GSM48_IE_GSM_APN), - pdp->apn_use.l); + if (TLVP_PRESENT(tp, GSM48_IE_GSM_APN)) { + pdp->apn_use.l = TLVP_LEN(tp, GSM48_IE_GSM_APN); + if (pdp->apn_use.l > sizeof(pdp->apn_use.v)) + pdp->apn_use.l = sizeof(pdp->apn_use.v); + memcpy(pdp->apn_use.v, TLVP_VAL(tp, GSM48_IE_GSM_APN), pdp->apn_use.l); + } else { + pdp->apn_use.l = 0; + } /* Protocol Configuration Options from GMM */ - pdp->pco_req.l = TLVP_LEN(tp, GSM48_IE_GSM_PROTO_CONF_OPT); - if (pdp->pco_req.l > sizeof(pdp->pco_req.v)) - pdp->pco_req.l = sizeof(pdp->pco_req.v); - memcpy(pdp->pco_req.v, TLVP_VAL(tp, GSM48_IE_GSM_PROTO_CONF_OPT), - pdp->pco_req.l); + if (TLVP_PRESENT(tp, GSM48_IE_GSM_PROTO_CONF_OPT)) { + pdp->pco_req.l = TLVP_LEN(tp, GSM48_IE_GSM_PROTO_CONF_OPT); + if (pdp->pco_req.l > sizeof(pdp->pco_req.v)) + pdp->pco_req.l = sizeof(pdp->pco_req.v); + memcpy(pdp->pco_req.v, TLVP_VAL(tp, GSM48_IE_GSM_PROTO_CONF_OPT), + pdp->pco_req.l); + } else { + pdp->pco_req.l = 0; + } /* QoS options from GMM or remote */ if (TLVP_LEN(tp, OSMO_IE_GSM_SUB_QOS) > 0) { -- To view, visit https://gerrit.osmocom.org/10030 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-sgsn Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I2d1c01ed8b8d2233ced6d70972183ed4fc99007a Gerrit-Change-Number: 10030 Gerrit-PatchSet: 1 Gerrit-Owner: Pau Espin Pedrol <pespin at sysmocom.de> -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20180717/ee31f511/attachment.htm>