[PATCH] libosmo-sccp[master]: xua_rkm: Fix handling of RK Registration with multiple Routi...

Thu, 27 Apr 2017 01:57:05 -0700 

Review at  https://gerrit.osmocom.org/2426

xua_rkm: Fix handling of RK Registration with multiple Routing Keys

RKM permits multiple routing key IEs to be inside a single Routing Key
Registration message.  We were trying to handle this, but the counter we
used as array index into the 'newly_assigned_as' array was actually
always kept at zero.

Change-Id: I08a962d2f242cefb67fb2dc93818c1ed532e8990
Fixes: coverity CID#166991
---
M src/xua_rkm.c
1 file changed, 7 insertions(+), 6 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/libosmo-sccp refs/changes/26/2426/1

diff --git a/src/xua_rkm.c b/src/xua_rkm.c
index 62abfdd..d2971bc 100644
--- a/src/xua_rkm.c
+++ b/src/xua_rkm.c
@@ -145,9 +145,9 @@
 
 /* SG: handle a single registration request IE (nested IEs in 'innner' */
 static int handle_rkey_reg(struct osmo_ss7_asp *asp, struct xua_msg *inner,
-                          struct msgb *resp, struct osmo_ss7_as 
**newly_assigned_as)
+                          struct msgb *resp, struct osmo_ss7_as 
**newly_assigned_as,
+                          unsigned int max_nas_idx, unsigned int *nas_idx)
 {
-       unsigned int nas_idx = 0;
        uint32_t rk_id, rctx, _tmode, dpc;
        enum osmo_ss7_as_traffic_mode tmode;
        struct osmo_ss7_as *as;
@@ -245,13 +245,13 @@
                }
 
                /* append to list of newly assigned as */
-               if (nas_idx >= MAX_NEW_AS) {
+               if (*nas_idx >= max_nas_idx) {
                        osmo_ss7_route_destroy(rt);
                        osmo_ss7_as_destroy(as);
                        msgb_append_reg_res(resp, rk_id, 
M3UA_RKM_REG_ERR_INSUFF_RESRC, 0);
                        return -1;
                }
-               newly_assigned_as[nas_idx++] = as;
+               newly_assigned_as[(*nas_idx)++] = as;
        } else {
                /* not permitted to create dynamic RKM entries */
                msgb_append_reg_res(resp, rk_id, M3UA_RKM_REG_ERR_PERM_DENIED, 
0);
@@ -270,7 +270,7 @@
        struct xua_msg_part *part;
        struct msgb *resp = m3ua_msgb_alloc(__func__);
        struct osmo_ss7_as *newly_assigned_as[MAX_NEW_AS];
-       unsigned int i;
+       unsigned int i, nas_idx = 0;
 
        memset(newly_assigned_as, 0, sizeof(newly_assigned_as));
 
@@ -289,7 +289,8 @@
                }
                /* handle single registration and append result to
                 * 'resp' */
-               handle_rkey_reg(asp, inner, resp, newly_assigned_as);
+               handle_rkey_reg(asp, inner, resp, newly_assigned_as,
+                               ARRAY_SIZE(newly_assigned_as), &nas_idx);
 
                xua_msg_free(inner);
        }

-- 
To view, visit https://gerrit.osmocom.org/2426
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I08a962d2f242cefb67fb2dc93818c1ed532e8990
Gerrit-PatchSet: 1
Gerrit-Project: libosmo-sccp
Gerrit-Branch: master
Gerrit-Owner: Harald Welte <[email protected]>

Reply via email to