Change in osmo-sgsn[master]: gbproxy: Fix segfault when receiving PAGING for unknown destination

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

laforge gerrit-no-reply at lists.osmocom.org
Sat Dec 12 15:23:18 UTC 2020


laforge has submitted this change. ( https://gerrit.osmocom.org/c/osmo-sgsn/+/21693 )

Change subject: gbproxy: Fix segfault when receiving PAGING for unknown destination
......................................................................

gbproxy: Fix segfault when receiving PAGING for unknown destination

The 'nse' variable had been used both as the input argument of the
SGSN-side NSE, as well as a loop iteration variable.  Let's separate
this clearly.

Closes: OS#4904
Change-Id: I375a219cd72eb11a9a0cb7d55a3efb7b83b771ac
---
M src/gbproxy/gb_proxy.c
1 file changed, 7 insertions(+), 6 deletions(-)

Approvals:
  laforge: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/src/gbproxy/gb_proxy.c b/src/gbproxy/gb_proxy.c
index 5e6f238..a976d25 100644
--- a/src/gbproxy/gb_proxy.c
+++ b/src/gbproxy/gb_proxy.c
@@ -828,11 +828,12 @@
 }
 
 /* Receive paging request from SGSN, we need to relay to proper BSS */
-static int gbprox_rx_paging(struct gbproxy_nse *nse, struct msgb *msg, const char *pdut_name,
+static int gbprox_rx_paging(struct gbproxy_nse *sgsn_nse, struct msgb *msg, const char *pdut_name,
 			    struct tlv_parsed *tp, uint16_t ns_bvci)
 {
-	struct gbproxy_config *cfg = nse->cfg;
+	struct gbproxy_config *cfg = sgsn_nse->cfg;
 	struct gbproxy_bvc *sgsn_bvc, *bss_bvc;
+	struct gbproxy_nse *nse;
 	unsigned int n_nses = 0;
 	int errctr = GBPROX_GLOB_CTR_PROTO_ERR_SGSN;
 	int i, j;
@@ -842,9 +843,9 @@
 	if (TLVP_PRES_LEN(tp, BSSGP_IE_BVCI, 2)) {
 		uint16_t bvci = ntohs(tlvp_val16_unal(tp, BSSGP_IE_BVCI));
 		errctr = GBPROX_GLOB_CTR_OTHER_ERR;
-		sgsn_bvc = gbproxy_bvc_by_bvci(nse, bvci);
+		sgsn_bvc = gbproxy_bvc_by_bvci(sgsn_nse, bvci);
 		if (!sgsn_bvc) {
-			LOGPNSE(nse, LOGL_NOTICE, "Rx %s: unable to route: BVCI=%05u unknown\n",
+			LOGPNSE(sgsn_nse, LOGL_NOTICE, "Rx %s: unable to route: BVCI=%05u unknown\n",
 				pdut_name, bvci);
 			rate_ctr_inc(&cfg->ctrg->ctr[errctr]);
 			return -EINVAL;
@@ -893,12 +894,12 @@
 			}
 		}
 	} else {
-		LOGPNSE(nse, LOGL_ERROR, "BSSGP PAGING: unable to route, missing IE\n");
+		LOGPNSE(sgsn_nse, LOGL_ERROR, "BSSGP PAGING: unable to route, missing IE\n");
 		rate_ctr_inc(&cfg->ctrg->ctr[errctr]);
 	}
 
 	if (n_nses == 0) {
-		LOGPNSE(nse, LOGL_ERROR, "BSSGP PAGING: unable to route, no destination found\n");
+		LOGPNSE(sgsn_nse, LOGL_ERROR, "BSSGP PAGING: unable to route, no destination found\n");
 		rate_ctr_inc(&cfg->ctrg->ctr[errctr]);
 		return -EINVAL;
 	}

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-sgsn/+/21693
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-sgsn
Gerrit-Branch: master
Gerrit-Change-Id: I375a219cd72eb11a9a0cb7d55a3efb7b83b771ac
Gerrit-Change-Number: 21693
Gerrit-PatchSet: 1
Gerrit-Owner: laforge <laforge at osmocom.org>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <laforge at osmocom.org>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20201212/1cb85899/attachment.htm>


More information about the gerrit-log mailing list