Pau Espin Pedrol has uploaded this change for review. ( 
https://gerrit.osmocom.org/10030


Change subject: sgsn: subscriber: Avoid calling memcpy with NULL src
......................................................................

sgsn: subscriber: Avoid calling memcpy with NULL src

Fixes: OS#3389

Change-Id: I2d1c01ed8b8d2233ced6d70972183ed4fc99007a
---
M src/gprs/gprs_subscriber.c
M src/gprs/sgsn_libgtp.c
2 files changed, 22 insertions(+), 11 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-sgsn refs/changes/30/10030/1

diff --git a/src/gprs/gprs_subscriber.c b/src/gprs/gprs_subscriber.c
index 1bebc65..dfd697b 100644
--- a/src/gprs/gprs_subscriber.c
+++ b/src/gprs/gprs_subscriber.c
@@ -374,7 +374,11 @@
                pdp_data->pdp_type = pdp_info->pdp_type;
                osmo_apn_to_str(pdp_data->apn_str,
                                pdp_info->apn_enc, pdp_info->apn_enc_len);
-               memcpy(pdp_data->qos_subscribed, pdp_info->qos_enc, 
pdp_info->qos_enc_len);
+
+               if (pdp_info->qos_enc) {
+                       memcpy(&pdp_data->qos_subscribed[0], pdp_info->qos_enc,
+                              pdp_info->qos_enc_len);
+               }
                pdp_data->qos_subscribed_len = pdp_info->qos_enc_len;

                if (pdp_info->pdp_charg_enc && pdp_info->pdp_charg_enc_len >= 
sizeof(pdp_data->pdp_charg)) {
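Review bot: When `pdp_info->qos_enc` is NULL the copy is now skipped, but `pdp_data->qos_subscribed_len` is still assigned `pdp_info->qos_enc_len` unconditionally. If a NULL pointer can ever arrive with a non-zero length, later readers would treat whatever bytes were already in `qos_subscribed` as valid QoS data. Tying the two together closes that gap, e.g. `pdp_data->qos_subscribed_len = pdp_info->qos_enc ? pdp_info->qos_enc_len : 0;`. Separately, no comparison of `qos_enc_len` against `sizeof(pdp_data->qos_subscribed)` is visible in this hunk, unlike the `pdp_charg` branch just below. The enclosing loop starts outside the hunk, so it is worth confirming that such a bound is enforced before this point.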
diff --git a/src/gprs/sgsn_libgtp.c b/src/gprs/sgsn_libgtp.c
index 659392e..23b8811 100644
--- a/src/gprs/sgsn_libgtp.c
+++ b/src/gprs/sgsn_libgtp.c
@@ -198,18 +198,25 @@
        pdp->eua.v[0] |= 0xf0;

        /* APN name from GMM */
-       pdp->apn_use.l = TLVP_LEN(tp, GSM48_IE_GSM_APN);
-       if (pdp->apn_use.l > sizeof(pdp->apn_use.v))
-               pdp->apn_use.l = sizeof(pdp->apn_use.v);
-       memcpy(pdp->apn_use.v, TLVP_VAL(tp, GSM48_IE_GSM_APN),
-               pdp->apn_use.l);
+       if (TLVP_PRESENT(tp, GSM48_IE_GSM_APN)) {
+               pdp->apn_use.l = TLVP_LEN(tp, GSM48_IE_GSM_APN);
+               if (pdp->apn_use.l > sizeof(pdp->apn_use.v))
+                       pdp->apn_use.l = sizeof(pdp->apn_use.v);
+               memcpy(pdp->apn_use.v, TLVP_VAL(tp, GSM48_IE_GSM_APN), 
pdp->apn_use.l);
+       } else {
+               pdp->apn_use.l = 0;
+       }

        /* Protocol Configuration Options from GMM */
-       pdp->pco_req.l = TLVP_LEN(tp, GSM48_IE_GSM_PROTO_CONF_OPT);
-       if (pdp->pco_req.l > sizeof(pdp->pco_req.v))
-               pdp->pco_req.l = sizeof(pdp->pco_req.v);
-       memcpy(pdp->pco_req.v, TLVP_VAL(tp, GSM48_IE_GSM_PROTO_CONF_OPT),
-               pdp->pco_req.l);
+       if (TLVP_PRESENT(tp, GSM48_IE_GSM_PROTO_CONF_OPT)) {
+               pdp->pco_req.l = TLVP_LEN(tp, GSM48_IE_GSM_PROTO_CONF_OPT);
+               if (pdp->pco_req.l > sizeof(pdp->pco_req.v))
+                       pdp->pco_req.l = sizeof(pdp->pco_req.v);
+               memcpy(pdp->pco_req.v, TLVP_VAL(tp, 
GSM48_IE_GSM_PROTO_CONF_OPT),
+                      pdp->pco_req.l);
+       } else {
+               pdp->pco_req.l = 0;
+       }

        /* QoS options from GMM or remote */
        if (TLVP_LEN(tp, OSMO_IE_GSM_SUB_QOS) > 0) {
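Review bot: Both new `TLVP_PRESENT` branches keep the silent clamp (`if (pdp->apn_use.l > sizeof(pdp->apn_use.v)) pdp->apn_use.l = sizeof(pdp->apn_use.v);`, and the same for `pco_req`). An over-long APN or PCO IE is therefore forwarded in truncated form without any trace. These values appear to originate from the GMM message (per the comments), so a truncated APN may name a different or malformed access point, and a PCO cut mid-option may not parse downstream. Consider rejecting the request, or at least logging, when `TLVP_LEN(tp, GSM48_IE_GSM_APN) > sizeof(pdp->apn_use.v)`, and likewise for `GSM48_IE_GSM_PROTO_CONF_OPT`. The two blocks are otherwise identical and could share a small static helper so that the presence check, bound and copy stay in one place. The enclosing function begins and ends outside this hunk.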

--
To view, visit https://gerrit.osmocom.org/10030

Gerrit-Project: osmo-sgsn
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2d1c01ed8b8d2233ced6d70972183ed4fc99007a
Gerrit-Change-Number: 10030
Gerrit-PatchSet: 1
Gerrit-Owner: Pau Espin Pedrol <[email protected]>
