Change in osmo-sgsn[master]: gprs_llc: _bssgp_tx_dl_ud: ensure the LLME is valid before using it

Sun, 20 Sep 2020 02:51:57 -0700 

laforge has submitted this change. ( 
https://gerrit.osmocom.org/c/osmo-sgsn/+/20203 )

Change subject: gprs_llc: _bssgp_tx_dl_ud: ensure the LLME is valid before 
using it
......................................................................

gprs_llc: _bssgp_tx_dl_ud: ensure the LLME is valid before using it

In rare cases the LLME is NULL even when the mmctx is valid.
Ensure not accessing a NULL pointer.

Change-Id: Id9fdfb0d88264671546f8dfc4655032ff27bf43e
---
M src/sgsn/gprs_llc.c
1 file changed, 16 insertions(+), 12 deletions(-)

Approvals:
  Jenkins Builder: Verified
  laforge: Looks good to me, approved



diff --git a/src/sgsn/gprs_llc.c b/src/sgsn/gprs_llc.c
index 6e22e65..e357d16 100644
--- a/src/sgsn/gprs_llc.c
+++ b/src/sgsn/gprs_llc.c
@@ -376,20 +376,24 @@
         * not yet have a MMC context (e.g. XID negotiation of primarly
         * LLC connection from GMM sapi). */
        if (mmctx) {
+               /* In rare cases the LLME is NULL in those cases don't
+                * use the mm radio capabilities */
                dup.imsi = mmctx->imsi;
-               dup.drx_parms = mmctx->drx_parms;
-               dup.ms_ra_cap.len = mmctx->ms_radio_access_capa.len;
-               dup.ms_ra_cap.v = mmctx->ms_radio_access_capa.buf;
+               if (mmctx->gb.llme) {
+                       dup.drx_parms = mmctx->drx_parms;
+                       dup.ms_ra_cap.len = mmctx->ms_radio_access_capa.len;
+                       dup.ms_ra_cap.v = mmctx->ms_radio_access_capa.buf;

-               /* make sure we only send it to the right llme */
-               if (!(msgb_tlli(msg) == mmctx->gb.llme->tlli
-                     || msgb_tlli(msg) == mmctx->gb.llme->old_tlli)) {
-                       LOGP(DLLC, LOGL_ERROR,
-                            "_bssgp_tx_dl_ud(): Attempt to send Downlink 
Unitdata to wrong LLME:"
-                            " msgb_tlli=0x%x mmctx->gb.llme->tlli=0x%x 
->old_tlli=0x%x\n",
-                            msgb_tlli(msg), mmctx->gb.llme->tlli, 
mmctx->gb.llme->old_tlli);
-                       msgb_free(msg);
-                       return -EINVAL;
+                       /* make sure we only send it to the right llme */
+                       if (!(msgb_tlli(msg) == mmctx->gb.llme->tlli
+                             || msgb_tlli(msg) == mmctx->gb.llme->old_tlli)) {
+                               LOGP(DLLC, LOGL_ERROR,
+                                    "_bssgp_tx_dl_ud(): Attempt to send 
Downlink Unitdata to wrong LLME:"
+                                    " msgb_tlli=0x%x mmctx->gb.llme->tlli=0x%x 
->old_tlli=0x%x\n",
+                                    msgb_tlli(msg), mmctx->gb.llme->tlli, 
mmctx->gb.llme->old_tlli);
+                               msgb_free(msg);
+                               return -EINVAL;
+                       }
                }
        }
        memcpy(&dup.qos_profile, qos_profile_default,

--
To view, visit https://gerrit.osmocom.org/c/osmo-sgsn/+/20203
To unsubscribe, or for help writing mail filters, visit 
https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-sgsn
Gerrit-Branch: master
Gerrit-Change-Id: Id9fdfb0d88264671546f8dfc4655032ff27bf43e
Gerrit-Change-Number: 20203
Gerrit-PatchSet: 1
Gerrit-Owner: lynxis lazus <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <[email protected]>
Gerrit-MessageType: merged

Reply via email to