Change in osmo-sgsn[master]: gprs_llc: _bssgp_tx_dl_ud: ensure the LLME is valid before using it

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

laforge gerrit-no-reply at lists.osmocom.org
Sun Sep 20 09:51:15 UTC 2020 

laforge has submitted this change. ( https://gerrit.osmocom.org/c/osmo-sgsn/+/20203 )

Change subject: gprs_llc: _bssgp_tx_dl_ud: ensure the LLME is valid before using it
......................................................................

gprs_llc: _bssgp_tx_dl_ud: ensure the LLME is valid before using it

In rare cases the LLME is NULL even when the mmctx is valid.
Ensure not accessing a NULL pointer.

Change-Id: Id9fdfb0d88264671546f8dfc4655032ff27bf43e
---
M src/sgsn/gprs_llc.c
1 file changed, 16 insertions(+), 12 deletions(-)

Approvals:
  Jenkins Builder: Verified
  laforge: Looks good to me, approved



diff --git a/src/sgsn/gprs_llc.c b/src/sgsn/gprs_llc.c
index 6e22e65..e357d16 100644
--- a/src/sgsn/gprs_llc.c
+++ b/src/sgsn/gprs_llc.c
@@ -376,20 +376,24 @@
 	 * not yet have a MMC context (e.g. XID negotiation of primarly
 	 * LLC connection from GMM sapi). */
 	if (mmctx) {
+		/* In rare cases the LLME is NULL in those cases don't
+		 * use the mm radio capabilities */
 		dup.imsi = mmctx->imsi;
-		dup.drx_parms = mmctx->drx_parms;
-		dup.ms_ra_cap.len = mmctx->ms_radio_access_capa.len;
-		dup.ms_ra_cap.v = mmctx->ms_radio_access_capa.buf;
+		if (mmctx->gb.llme) {
+			dup.drx_parms = mmctx->drx_parms;
+			dup.ms_ra_cap.len = mmctx->ms_radio_access_capa.len;
+			dup.ms_ra_cap.v = mmctx->ms_radio_access_capa.buf;
 
-		/* make sure we only send it to the right llme */
-		if (!(msgb_tlli(msg) == mmctx->gb.llme->tlli
-		      || msgb_tlli(msg) == mmctx->gb.llme->old_tlli)) {
-			LOGP(DLLC, LOGL_ERROR,
-			     "_bssgp_tx_dl_ud(): Attempt to send Downlink Unitdata to wrong LLME:"
-			     " msgb_tlli=0x%x mmctx->gb.llme->tlli=0x%x ->old_tlli=0x%x\n",
-			     msgb_tlli(msg), mmctx->gb.llme->tlli, mmctx->gb.llme->old_tlli);
-			msgb_free(msg);
-			return -EINVAL;
+			/* make sure we only send it to the right llme */
+			if (!(msgb_tlli(msg) == mmctx->gb.llme->tlli
+			      || msgb_tlli(msg) == mmctx->gb.llme->old_tlli)) {
+				LOGP(DLLC, LOGL_ERROR,
+				     "_bssgp_tx_dl_ud(): Attempt to send Downlink Unitdata to wrong LLME:"
+				     " msgb_tlli=0x%x mmctx->gb.llme->tlli=0x%x ->old_tlli=0x%x\n",
+				     msgb_tlli(msg), mmctx->gb.llme->tlli, mmctx->gb.llme->old_tlli);
+				msgb_free(msg);
+				return -EINVAL;
+			}
 		}
 	}
 	memcpy(&dup.qos_profile, qos_profile_default,

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-sgsn/+/20203
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-sgsn
Gerrit-Branch: master
Gerrit-Change-Id: Id9fdfb0d88264671546f8dfc4655032ff27bf43e
Gerrit-Change-Number: 20203
Gerrit-PatchSet: 1
Gerrit-Owner: lynxis lazus <lynxis at fe80.eu>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <laforge at osmocom.org>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20200920/6bdda47e/attachment.htm>

More information about the gerrit-log mailing list