Change in libosmo-sccp[master]: sccp: Fix null ptr access on malformed or unsupported msg received

2020-01-16 Thread laforge
laforge has submitted this change. ( https://gerrit.osmocom.org/c/libosmo-sccp/+/16895 )

Change subject: sccp: Fix null ptr access on malformed or unsupported msg received
..

sccp: Fix null ptr access on malformed or unsupported msg received

Detected while running a TTCN3 sending malformed SCCP message in
SCCP_Tests_RAW.ttcn:

sccp_user.c:174:12: runtime error: member access within null pointer of type 'struct xua_msg'
ASAN:DEADLYSIGNAL
=
==6==ERROR: AddressSanitizer: SEGV on unknown address 0x0008 (pc 0x7f2a11f93c5c bp 0x7ffefcf05c50 sp 0x7ffefcf05c10 T0)
#0 0x7f2a11f93c5b in mtp_user_prim_cb /tmp/libosmo-sccp/src/sccp_user.c:174
#1 0x7f2a11fb48f9 in deliver_to_mtp_user /tmp/libosmo-sccp/src/osmo_ss7_hmrt.c:94
#2 0x7f2a11fb4c8a in hmdt_message_for_distribution /tmp/libosmo-sccp/src/osmo_ss7_hmrt.c:133
#3 0x7f2a11fb5c90 in m3ua_hmdc_rx_from_l2 /tmp/libosmo-sccp/src/osmo_ss7_hmrt.c:275
#4 0x7f2a11f6f5c2 in m3ua_rx_xfer /tmp/libosmo-sccp/src/m3ua.c:586
#5 0x7f2a11f70480 in m3ua_rx_msg /tmp/libosmo-sccp/src/m3ua.c:739
#6 0x7f2a11faee35 in xua_srv_conn_cb /tmp/libosmo-sccp/src/osmo_ss7.c:1623
#7 0x7f2a0f46d082  (/usr/lib/x86_64-linux-gnu/libosmonetif.so.8+0xb082)
#8 0x7f2a1186c0be  (/usr/lib/x86_64-linux-gnu/libosmocore.so.12+0xc0be)
#9 0x7f2a1186c735 in osmo_select_main (/usr/lib/x86_64-linux-gnu/libosmocore.so.12+0xc735)
#10 0x557378718219 in main /tmp/libosmo-sccp/examples/sccp_demo_user.c:264
#11 0x7f2a105ad2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#12 0x557378717059 in _start (/usr/local/bin/sccp_demo_user+0x6059)

Change-Id: Idafa8c9693d98ecd214b62155372e4db69e2a4a4
---
M src/sccp_user.c
1 file changed, 6 insertions(+), 0 deletions(-)

Approvals:
  Jenkins Builder: Verified
  laforge: Looks good to me, approved



diff --git a/src/sccp_user.c b/src/sccp_user.c
index 9df5817..386f424 100644
--- a/src/sccp_user.c
+++ b/src/sccp_user.c
@@ -171,6 +171,12 @@
case OSMO_PRIM(OSMO_MTP_PRIM_TRANSFER, PRIM_OP_INDICATION):
/* Convert from SCCP to SUA in xua_msg format */
xua = osmo_sccp_to_xua(oph->msg);
+   if (!xua) {
+   LOGP(DLSCCP, LOGL_ERROR, "Couldn't convert SCCP to SUA: 
%s\n",
+   msgb_hexdump(oph->msg));
+   rc = -1;
+   break;
+   }
xua->mtp = omp->u.transfer;
/* hand this primitive into SCCP via the SCRC code */
rc = scrc_rx_mtp_xfer_ind_xua(inst, xua);
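
Review bot: the new if (!xua) branch reports the failure as a bare rc = -1, which gives callers no way to tell a failed SCCP-to-SUA conversion from any other error; a negative errno value would be more descriptive if the rest of this function uses them. The early break also skips scrc_rx_mtp_xfer_ind_xua(), and nothing in the hunk frees oph->msg, so please confirm that the code after the switch still releases the message on this path.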

--
To view, visit https://gerrit.osmocom.org/c/libosmo-sccp/+/16895
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: libosmo-sccp
Gerrit-Branch: master
Gerrit-Change-Id: Idafa8c9693d98ecd214b62155372e4db69e2a4a4
Gerrit-Change-Number: 16895
Gerrit-PatchSet: 1
Gerrit-Owner: pespin 
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge 
Gerrit-MessageType: merged


Change in libosmo-sccp[master]: sccp: Fix null ptr access on malformed or unsupported msg received

2020-01-16 Thread laforge
laforge has posted comments on this change. ( https://gerrit.osmocom.org/c/libosmo-sccp/+/16895 )

Change subject: sccp: Fix null ptr access on malformed or unsupported msg received
..


Patch Set 1: Code-Review+2


--

Gerrit-Project: libosmo-sccp
Gerrit-Branch: master
Gerrit-Change-Id: Idafa8c9693d98ecd214b62155372e4db69e2a4a4
Gerrit-Change-Number: 16895
Gerrit-PatchSet: 1
Gerrit-Owner: pespin 
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge 
Gerrit-Comment-Date: Thu, 16 Jan 2020 20:23:16 +
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment


Change in libosmo-sccp[master]: sccp: Fix null ptr access on malformed or unsupported msg received

2020-01-16 Thread pespin
pespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/libosmo-sccp/+/16895 )


Change subject: sccp: Fix null ptr access on malformed or unsupported msg received
..

sccp: Fix null ptr access on malformed or unsupported msg received

Detected while running a TTCN3 sending malformed SCCP message in
SCCP_Tests_RAW.ttcn:

sccp_user.c:174:12: runtime error: member access within null pointer of type 'struct xua_msg'
ASAN:DEADLYSIGNAL
=
==6==ERROR: AddressSanitizer: SEGV on unknown address 0x0008 (pc 0x7f2a11f93c5c bp 0x7ffefcf05c50 sp 0x7ffefcf05c10 T0)
#0 0x7f2a11f93c5b in mtp_user_prim_cb /tmp/libosmo-sccp/src/sccp_user.c:174
#1 0x7f2a11fb48f9 in deliver_to_mtp_user /tmp/libosmo-sccp/src/osmo_ss7_hmrt.c:94
#2 0x7f2a11fb4c8a in hmdt_message_for_distribution /tmp/libosmo-sccp/src/osmo_ss7_hmrt.c:133
#3 0x7f2a11fb5c90 in m3ua_hmdc_rx_from_l2 /tmp/libosmo-sccp/src/osmo_ss7_hmrt.c:275
#4 0x7f2a11f6f5c2 in m3ua_rx_xfer /tmp/libosmo-sccp/src/m3ua.c:586
#5 0x7f2a11f70480 in m3ua_rx_msg /tmp/libosmo-sccp/src/m3ua.c:739
#6 0x7f2a11faee35 in xua_srv_conn_cb /tmp/libosmo-sccp/src/osmo_ss7.c:1623
#7 0x7f2a0f46d082  (/usr/lib/x86_64-linux-gnu/libosmonetif.so.8+0xb082)
#8 0x7f2a1186c0be  (/usr/lib/x86_64-linux-gnu/libosmocore.so.12+0xc0be)
#9 0x7f2a1186c735 in osmo_select_main (/usr/lib/x86_64-linux-gnu/libosmocore.so.12+0xc735)
#10 0x557378718219 in main /tmp/libosmo-sccp/examples/sccp_demo_user.c:264
#11 0x7f2a105ad2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#12 0x557378717059 in _start (/usr/local/bin/sccp_demo_user+0x6059)

Change-Id: Idafa8c9693d98ecd214b62155372e4db69e2a4a4
---
M src/sccp_user.c
1 file changed, 6 insertions(+), 0 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/libosmo-sccp refs/changes/95/16895/1

diff --git a/src/sccp_user.c b/src/sccp_user.c
index 9df5817..386f424 100644
--- a/src/sccp_user.c
+++ b/src/sccp_user.c
@@ -171,6 +171,12 @@
case OSMO_PRIM(OSMO_MTP_PRIM_TRANSFER, PRIM_OP_INDICATION):
/* Convert from SCCP to SUA in xua_msg format */
xua = osmo_sccp_to_xua(oph->msg);
+   if (!xua) {
+   LOGP(DLSCCP, LOGL_ERROR, "Couldn't convert SCCP to SUA: 
%s\n",
+   msgb_hexdump(oph->msg));
+   rc = -1;
+   break;
+   }
xua->mtp = omp->u.transfer;
/* hand this primitive into SCCP via the SCRC code */
rc = scrc_rx_mtp_xfer_ind_xua(inst, xua);
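
Review bot: the LOGP(DLSCCP, LOGL_ERROR, ...) call in the !xua branch hexdumps the whole of oph->msg for every message that fails conversion, and the trace in the commit message shows this path is reached from m3ua_rx_msg, i.e. from data a peer sent. A peer that keeps sending malformed SCCP can therefore fill the log at ERROR level; consider a lower log level, a counter, or truncating the dump. The existing comment above osmo_sccp_to_xua() could also note that the call returns NULL on malformed or unsupported input, since that is the case the new check handles.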

--

Gerrit-Project: libosmo-sccp
Gerrit-Branch: master
Gerrit-Change-Id: Idafa8c9693d98ecd214b62155372e4db69e2a4a4
Gerrit-Change-Number: 16895
Gerrit-PatchSet: 1
Gerrit-Owner: pespin 
Gerrit-MessageType: newchange