Review at https://gerrit.osmocom.org/4711
osmux: fix nullpointer dereference
in point_lookup() the connection pointer is determined using
mgcp_conn_get_rtp() this function may return 0. At the moment
there are no nullpointer checks implemented
Add checks to test for nullpointer.
This fixes CID 178662
Change-Id: If9a3c1ac002bc8adc90ca1c1c3dd1db4feea07ac
---
M src/libosmo-mgcp/mgcp_osmux.c
1 file changed, 10 insertions(+), 3 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-mgw refs/changes/11/4711/1
diff --git a/src/libosmo-mgcp/mgcp_osmux.c b/src/libosmo-mgcp/mgcp_osmux.c
index 60ffe06..09b2636 100644
--- a/src/libosmo-mgcp/mgcp_osmux.c
+++ b/src/libosmo-mgcp/mgcp_osmux.c
@@ -207,12 +207,18 @@
case MGCP_DEST_NET:
/* FIXME: Get rid of CONN_ID_XXX! */
conn_net = mgcp_conn_get_rtp(endp, CONN_ID_NET);
- this = &conn_net->end.addr;
+ if (conn_net)
+ this = &conn_net->end.addr;
+ else
+ this = NULL;
break;
case MGCP_DEST_BTS:
/* FIXME: Get rid of CONN_ID_XXX! */
conn_bts = mgcp_conn_get_rtp(endp, CONN_ID_BTS);
- this = &conn_bts->end.addr;
+ if (conn_bts)
+ this = &conn_bts->end.addr;
+ else
+ this = NULL;
break;
default:
/* Should not ever happen */
@@ -222,7 +228,8 @@
/* FIXME: Get rid of CONN_ID_XXX! */
conn_net = mgcp_conn_get_rtp(endp, CONN_ID_NET);
- if (conn_net->osmux.cid == cid && this->s_addr ==
from_addr->s_addr)
+ if (conn_net && this && conn_net->osmux.cid == cid
+ && this->s_addr == from_addr->s_addr)
return endp;
}
--
To view, visit https://gerrit.osmocom.org/4711
To unsubscribe, visit https://gerrit.osmocom.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: If9a3c1ac002bc8adc90ca1c1c3dd1db4feea07ac
Gerrit-PatchSet: 1
Gerrit-Project: osmo-mgw
Gerrit-Branch: master
Gerrit-Owner: dexter <pma...@sysmocom.de>
