This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Pau Espin Pedrol gerrit-no-reply at lists.osmocom.orgPau Espin Pedrol has submitted this change and it was merged. ( https://gerrit.osmocom.org/10030 )
Change subject: sgsn: subscriber: Avoid calling memcpy with NULL src
......................................................................
sgsn: subscriber: Avoid calling memcpy with NULL src
Fixes: OS#3389
Change-Id: I2d1c01ed8b8d2233ced6d70972183ed4fc99007a
---
M src/gprs/gprs_subscriber.c
M src/gprs/sgsn_libgtp.c
2 files changed, 22 insertions(+), 11 deletions(-)
Approvals:
Jenkins Builder: Verified
Neels Hofmeyr: Looks good to me, approved
diff --git a/src/gprs/gprs_subscriber.c b/src/gprs/gprs_subscriber.c
index 1bebc65..dfd697b 100644
--- a/src/gprs/gprs_subscriber.c
+++ b/src/gprs/gprs_subscriber.c
@@ -374,7 +374,11 @@
pdp_data->pdp_type = pdp_info->pdp_type;
osmo_apn_to_str(pdp_data->apn_str,
pdp_info->apn_enc, pdp_info->apn_enc_len);
- memcpy(pdp_data->qos_subscribed, pdp_info->qos_enc, pdp_info->qos_enc_len);
+
+ if (pdp_info->qos_enc) {
+ memcpy(&pdp_data->qos_subscribed[0], pdp_info->qos_enc,
+ pdp_info->qos_enc_len);
+ }
pdp_data->qos_subscribed_len = pdp_info->qos_enc_len;
if (pdp_info->pdp_charg_enc && pdp_info->pdp_charg_enc_len >= sizeof(pdp_data->pdp_charg)) {
diff --git a/src/gprs/sgsn_libgtp.c b/src/gprs/sgsn_libgtp.c
index 659392e..23b8811 100644
--- a/src/gprs/sgsn_libgtp.c
+++ b/src/gprs/sgsn_libgtp.c
@@ -198,18 +198,25 @@
pdp->eua.v[0] |= 0xf0;
/* APN name from GMM */
- pdp->apn_use.l = TLVP_LEN(tp, GSM48_IE_GSM_APN);
- if (pdp->apn_use.l > sizeof(pdp->apn_use.v))
- pdp->apn_use.l = sizeof(pdp->apn_use.v);
- memcpy(pdp->apn_use.v, TLVP_VAL(tp, GSM48_IE_GSM_APN),
- pdp->apn_use.l);
+ if (TLVP_PRESENT(tp, GSM48_IE_GSM_APN)) {
+ pdp->apn_use.l = TLVP_LEN(tp, GSM48_IE_GSM_APN);
+ if (pdp->apn_use.l > sizeof(pdp->apn_use.v))
+ pdp->apn_use.l = sizeof(pdp->apn_use.v);
+ memcpy(pdp->apn_use.v, TLVP_VAL(tp, GSM48_IE_GSM_APN), pdp->apn_use.l);
+ } else {
+ pdp->apn_use.l = 0;
+ }
/* Protocol Configuration Options from GMM */
- pdp->pco_req.l = TLVP_LEN(tp, GSM48_IE_GSM_PROTO_CONF_OPT);
- if (pdp->pco_req.l > sizeof(pdp->pco_req.v))
- pdp->pco_req.l = sizeof(pdp->pco_req.v);
- memcpy(pdp->pco_req.v, TLVP_VAL(tp, GSM48_IE_GSM_PROTO_CONF_OPT),
- pdp->pco_req.l);
+ if (TLVP_PRESENT(tp, GSM48_IE_GSM_PROTO_CONF_OPT)) {
+ pdp->pco_req.l = TLVP_LEN(tp, GSM48_IE_GSM_PROTO_CONF_OPT);
+ if (pdp->pco_req.l > sizeof(pdp->pco_req.v))
+ pdp->pco_req.l = sizeof(pdp->pco_req.v);
+ memcpy(pdp->pco_req.v, TLVP_VAL(tp, GSM48_IE_GSM_PROTO_CONF_OPT),
+ pdp->pco_req.l);
+ } else {
+ pdp->pco_req.l = 0;
+ }
/* QoS options from GMM or remote */
if (TLVP_LEN(tp, OSMO_IE_GSM_SUB_QOS) > 0) {
--
To view, visit https://gerrit.osmocom.org/10030
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings
Gerrit-Project: osmo-sgsn
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I2d1c01ed8b8d2233ced6d70972183ed4fc99007a
Gerrit-Change-Number: 10030
Gerrit-PatchSet: 1
Gerrit-Owner: Pau Espin Pedrol <pespin at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Gerrit-Reviewer: Pau Espin Pedrol <pespin at sysmocom.de>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20180719/52737c88/attachment.htm>