aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPhilipp <pmaier@sysmocom.de>2016-09-28 15:10:14 +0200
committerHarald Welte <laforge@gnumonks.org>2016-10-28 13:43:10 +0000
commitae9beda1506ab06d898a4ec26bfd53d8fc211614 (patch)
treeecb9c91ca5aaedbd1cd57092697bc3738bbc3b16
parent1b76a03cddcfb52c1ebd5a6f0d990128058a516c (diff)
sndcp: Fixups for sndcp layer based on coverity-scan suggestions
- missing break in gprs_sndcp_pcomp.c, line 143 - string overflow in slhc_test.c, line 211 - sizeof mismatch in gprs_sndcp_xid.c, line 1369 and 1378 - mismatching signedness in gprs_sndcp_xid.c, line 1377 - needless < 0 comparison in gprs_sndcp_xid.c, line 477 - needless < 0 comparison in gprs_sndcp_xid.c, line 209 - missing returncode check in v42bis_test.c, line 320 - wrong pointer dereferentialization in gprs_sndcp_comp.c, line 73 Change-Id: I4f9adf251f5119e67ffe76baad6f1f996ac8dbad
-rw-r--r--openbsc/src/gprs/gprs_sndcp_comp.c2
-rw-r--r--openbsc/src/gprs/gprs_sndcp_pcomp.c1
-rw-r--r--openbsc/src/gprs/gprs_sndcp_xid.c25
-rw-r--r--openbsc/tests/slhc/slhc_test.c2
-rw-r--r--openbsc/tests/v42bis/v42bis_test.c1
5 files changed, 18 insertions, 13 deletions
diff --git a/openbsc/src/gprs/gprs_sndcp_comp.c b/openbsc/src/gprs/gprs_sndcp_comp.c
index b13cb8b23..cae0039a3 100644
--- a/openbsc/src/gprs/gprs_sndcp_comp.c
+++ b/openbsc/src/gprs/gprs_sndcp_comp.c
@@ -70,7 +70,7 @@ static struct gprs_sndcp_comp *gprs_sndcp_comp_create(const void *ctx,
comp_field->v42bis_params->nsapi,
sizeof(comp_entity->nsapi));
} else if (comp_field->v44_params) {
- comp_entity->nsapi_len = comp_field->v42bis_params->nsapi_len;
+ comp_entity->nsapi_len = comp_field->v44_params->nsapi_len;
memcpy(comp_entity->nsapi,
comp_field->v42bis_params->nsapi,
sizeof(comp_entity->nsapi));
diff --git a/openbsc/src/gprs/gprs_sndcp_pcomp.c b/openbsc/src/gprs/gprs_sndcp_pcomp.c
index 5f6fb2ce4..493b26399 100644
--- a/openbsc/src/gprs/gprs_sndcp_pcomp.c
+++ b/openbsc/src/gprs/gprs_sndcp_pcomp.c
@@ -141,6 +141,7 @@ static int rfc1144_expand(uint8_t *data, unsigned int len, uint8_t pcomp_index,
switch (pcomp_index) {
case 0:
type = SL_TYPE_IP;
+ break;
case 1:
type = SL_TYPE_UNCOMPRESSED_TCP;
break;
diff --git a/openbsc/src/gprs/gprs_sndcp_xid.c b/openbsc/src/gprs/gprs_sndcp_xid.c
index 270bdee11..bb43eab68 100644
--- a/openbsc/src/gprs/gprs_sndcp_xid.c
+++ b/openbsc/src/gprs/gprs_sndcp_xid.c
@@ -206,7 +206,6 @@ static int encode_pcomp_rohc_params(uint8_t *dst, unsigned int dst_maxlen,
/* Bail if number of ROHC profiles exceeds limit
* (ROHC supports only a maximum of 16 different profiles) */
- OSMO_ASSERT(params->profile_len >= 0);
OSMO_ASSERT(params->profile_len <= 16);
/* Zero out buffer */
@@ -475,8 +474,7 @@ static int encode_comp_field(uint8_t *dst, unsigned int dst_maxlen,
for (i = 0; i < comp_field->comp_len; i++) {
/* Check if submitted PCOMP/DCOMP
values are within bounds */
- if ((comp_field->comp[i] < 0)
- || (comp_field->comp[i] > 0x0F))
+ if (comp_field->comp[i] > 0x0F)
return -EINVAL;
if (i & 1) {
@@ -1360,26 +1358,29 @@ static int gprs_sndcp_fill_table(struct
{
struct gprs_sndcp_comp_field *comp_field;
int i = 0;
+ int rc;
if (!comp_fields)
return -EINVAL;
if (!lt)
return -EINVAL;
- memset(lt, 0, lt_len * sizeof(lt));
+ memset(lt, 0, sizeof(*lt));
llist_for_each_entry(comp_field, comp_fields, list) {
+ if (comp_field->algo >= 0) {
+ lt[i].entity = comp_field->entity;
+ lt[i].algo = comp_field->algo;
+ rc = gprs_sndcp_get_compression_class(comp_field);
- lt[i].entity = comp_field->entity;
- lt[i].algo = comp_field->algo;
- lt[i].compclass = gprs_sndcp_get_compression_class(comp_field);
+ if (rc < 0) {
+ memset(lt, 0, sizeof(*lt));
+ return -EINVAL;
+ }
- if (lt[i].compclass < 0) {
- memset(lt, 0, lt_len * sizeof(lt));
- return -EINVAL;
+ lt[i].compclass = rc;
+ i++;
}
-
- i++;
}
return i;
diff --git a/openbsc/tests/slhc/slhc_test.c b/openbsc/tests/slhc/slhc_test.c
index e8ea02f75..d2e1cd9dc 100644
--- a/openbsc/tests/slhc/slhc_test.c
+++ b/openbsc/tests/slhc/slhc_test.c
@@ -182,6 +182,8 @@ static void test_slhc(const void *ctx)
memset(packet, 0, sizeof(packet));
memset(packet_compr, 0, sizeof(packet_compr));
memset(packet_decompr, 0, sizeof(packet_decompr));
+
+ OSMO_ASSERT(strlen(packets[i]) < sizeof(packet_ascii));
strcpy(packet_ascii, packets[i]);
packet_len =
diff --git a/openbsc/tests/v42bis/v42bis_test.c b/openbsc/tests/v42bis/v42bis_test.c
index 4e055148e..7e907858d 100644
--- a/openbsc/tests/v42bis/v42bis_test.c
+++ b/openbsc/tests/v42bis/v42bis_test.c
@@ -318,6 +318,7 @@ static void test_v42bis_tcpip(const void *ctx, int packet_id)
len = strlen(uncompr_packets[packet_id]);
testvec = talloc_zero_size(ctx, len);
len = osmo_hexparse(uncompr_packets[packet_id], testvec, len);
+ OSMO_ASSERT(len > 0);
v42bis(ctx, V42BIS_COMPRESSION_MODE_DYNAMIC, testvec, len);
v42bis(ctx, V42BIS_COMPRESSION_MODE_ALWAYS, testvec, len);
v42bis(ctx, V42BIS_COMPRESSION_MODE_NEVER, testvec, len);