Vadim Yanitskiy has uploaded this change for review. (
https://gerrit.osmocom.org/13978
Change subject: libmsc/gsm_04_11.c: fix NULL-pointer dereference in
gsm340_rx_tpdu()
......................................................................
libmsc/gsm_04_11.c: fix NULL-pointer dereference in gsm340_rx_tpdu()
Change-Id: I1e9b351e949efe596295d18f98c8a73c8e013763
Fixes: CID#198451
---
M src/libmsc/gsm_04_11.c
1 file changed, 14 insertions(+), 4 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/78/13978/1
diff --git a/src/libmsc/gsm_04_11.c b/src/libmsc/gsm_04_11.c
index 22e55dd..9bd0a05 100644
--- a/src/libmsc/gsm_04_11.c
+++ b/src/libmsc/gsm_04_11.c
@@ -459,14 +459,24 @@
uint8_t da_len_bytes;
uint8_t address_lv[12]; /* according to 03.40 / 9.1.2.5 */
int rc = 0;
- struct msc_a *msc_a = trans->msc_a;
- struct gsm_network *net = msc_a_net(msc_a);
- struct vlr_subscr *vsub = msc_a_vsub(msc_a);
+ struct gsm_network *net;
+ struct vlr_subscr *vsub;
rate_ctr_inc(&net->msc_ctrs->ctr[MSC_CTR_SMS_SUBMITTED]);
- if (!msc_a || !vsub)
+ if (!trans->msc_a) {
+ LOG_TRANS(trans, LOGL_ERROR, "Insufficient info to process
TPDU: "
+ "MSC-A role is NULL?!?\n");
return GSM411_RP_CAUSE_MO_NET_OUT_OF_ORDER;
+ }
+
+ net = msc_a_net(trans->msc_a);
+ vsub = msc_a_vsub(trans->msc_a);
+ if (!net || !vsub) {
+ LOG_TRANS(trans, LOGL_ERROR, "Insufficient info to process
TPDU: "
+ "gsm_network and/or vlr_subscr is
NULL?!?\n");
+ return GSM411_RP_CAUSE_MO_NET_OUT_OF_ORDER;
+ }
gsms = sms_alloc();
if (!gsms)
--
To view, visit https://gerrit.osmocom.org/13978
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I1e9b351e949efe596295d18f98c8a73c8e013763
Gerrit-Change-Number: 13978
Gerrit-PatchSet: 1
Gerrit-Owner: Vadim Yanitskiy <[email protected]>
