Harald Welte gerrit-no-reply at lists.osmocom.org
Harald Welte has submitted this change and it was merged. ( https://gerrit.osmocom.org/12481 )
Change subject: gsm_04_08: Fix nullpointer deref
......................................................................
gsm_04_08: Fix nullpointer deref
The pointers conn, conn->vsub and conn->vsub->last_tuple are checked,
but before the check those pointers are already dereferenced during
assignment. This defeats the purpose of the check. Let's dereference
those pointers after the check.
Fixes: CID#190404
Change-Id: Ice4992606f3799eac13154ec0b9f53e46d2e178e
---
M src/libmsc/gsm_04_08.c
1 file changed, 5 insertions(+), 2 deletions(-)
Approvals:
Max: Looks good to me, but someone else must approve
Pau Espin Pedrol: Looks good to me, approved
Jenkins Builder: Verified
diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c
index 7a485c7..adc946e 100644
--- a/src/libmsc/gsm_04_08.c
+++ b/src/libmsc/gsm_04_08.c
@@ -1603,12 +1603,12 @@
int ran_conn_geran_set_cipher_mode(struct ran_conn *conn, bool umts_aka, bool retrieve_imeisv)
{
- struct gsm_network *net = conn->network;
+ struct gsm_network *net;
struct gsm0808_encrypt_info ei;
int i, j = 0;
int request_classmark = 0;
int request_classmark_for_a5_n = 0;
- struct vlr_auth_tuple *tuple = conn->vsub->last_tuple;
+ struct vlr_auth_tuple *tuple;
if (!conn || !conn->vsub || !conn->vsub->last_tuple) {
/* This should really never happen, because we checked this in msc_vlr_set_ciph_mode()
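Review bot: net and tuple are now declared without an initializer at the top of ran_conn_geran_set_cipher_mode(), so they hold indeterminate values until the assignments that follow the NULL check. Consider declaring them as "struct gsm_network *net = NULL;" and "struct vlr_auth_tuple *tuple = NULL;" so that any code later inserted between the declarations and the check fails predictably. The reordering itself matters beyond the crash: with the old initializers, conn and conn->vsub were dereferenced before the "if (!conn || !conn->vsub || ...)" test, which is undefined behaviour for a NULL pointer and lets the compiler assume the pointers are non-NULL and drop the test entirely.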
@@ -1617,6 +1617,9 @@
return -EINVAL;
}
+ net = conn->network;
+ tuple = conn->vsub->last_tuple;
+
for (i = 0; i < 8; i++) {
int supported;
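Review bot: the new "net = conn->network;" assignment after the early return is guarded only by the checks on conn, conn->vsub and conn->vsub->last_tuple; conn->network itself is never tested in the visible lines. If net is dereferenced further down in the function, either add "!conn->network" to the existing condition so it shares the -EINVAL path, or note in the comment why it cannot be NULL at this point.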
--
To view, visit https://gerrit.osmocom.org/12481
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: Ice4992606f3799eac13154ec0b9f53e46d2e178e
Gerrit-Change-Number: 12481
Gerrit-PatchSet: 2
Gerrit-Owner: dexter <pmaier at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder (1000002)
Gerrit-Reviewer: Max <msuraev at sysmocom.de>
Gerrit-Reviewer: Pau Espin Pedrol <pespin at sysmocom.de>