diff options
| author | Pau Espin Pedrol <pespin@sysmocom.de> | 2018-07-17 18:08:54 +0200 |
|---|---|---|
| committer | Pau Espin Pedrol <pespin@sysmocom.de> | 2018-07-17 18:26:49 +0200 |
| commit | faeea348d6245fd7625bcb718a583283bc09f99d (patch) | |
| tree | 73cf82779d8867328ace9f3e4974f037511b3450 | |
| parent | 9b5d7f6398295af2ea33493f72917f161e8048de (diff) | |
sgsn: subscriber: Avoid calling memcpy with NULL src
Fixes: OS#3389
Change-Id: I2d1c01ed8b8d2233ced6d70972183ed4fc99007a
| -rw-r--r-- | src/gprs/gprs_subscriber.c | 6 | ||||
| -rw-r--r-- | src/gprs/sgsn_libgtp.c | 27 |
2 files changed, 22 insertions, 11 deletions
diff --git a/src/gprs/gprs_subscriber.c b/src/gprs/gprs_subscriber.c index 1bebc6526..dfd697b72 100644 --- a/src/gprs/gprs_subscriber.c +++ b/src/gprs/gprs_subscriber.c @@ -374,7 +374,11 @@ static void gprs_subscr_gsup_insert_data(struct gprs_subscr *subscr, pdp_data->pdp_type = pdp_info->pdp_type; osmo_apn_to_str(pdp_data->apn_str, pdp_info->apn_enc, pdp_info->apn_enc_len); - memcpy(pdp_data->qos_subscribed, pdp_info->qos_enc, pdp_info->qos_enc_len); + + if (pdp_info->qos_enc) { + memcpy(&pdp_data->qos_subscribed[0], pdp_info->qos_enc, + pdp_info->qos_enc_len); + } pdp_data->qos_subscribed_len = pdp_info->qos_enc_len; if (pdp_info->pdp_charg_enc && pdp_info->pdp_charg_enc_len >= sizeof(pdp_data->pdp_charg)) { diff --git a/src/gprs/sgsn_libgtp.c b/src/gprs/sgsn_libgtp.c index 659392ee8..23b881100 100644 --- a/src/gprs/sgsn_libgtp.c +++ b/src/gprs/sgsn_libgtp.c @@ -198,18 +198,25 @@ struct sgsn_pdp_ctx *sgsn_create_pdp_ctx(struct sgsn_ggsn_ctx *ggsn, pdp->eua.v[0] |= 0xf0; /* APN name from GMM */ - pdp->apn_use.l = TLVP_LEN(tp, GSM48_IE_GSM_APN); - if (pdp->apn_use.l > sizeof(pdp->apn_use.v)) - pdp->apn_use.l = sizeof(pdp->apn_use.v); - memcpy(pdp->apn_use.v, TLVP_VAL(tp, GSM48_IE_GSM_APN), - pdp->apn_use.l); + if (TLVP_PRESENT(tp, GSM48_IE_GSM_APN)) { + pdp->apn_use.l = TLVP_LEN(tp, GSM48_IE_GSM_APN); + if (pdp->apn_use.l > sizeof(pdp->apn_use.v)) + pdp->apn_use.l = sizeof(pdp->apn_use.v); + memcpy(pdp->apn_use.v, TLVP_VAL(tp, GSM48_IE_GSM_APN), pdp->apn_use.l); + } else { + pdp->apn_use.l = 0; + } /* Protocol Configuration Options from GMM */ - pdp->pco_req.l = TLVP_LEN(tp, GSM48_IE_GSM_PROTO_CONF_OPT); - if (pdp->pco_req.l > sizeof(pdp->pco_req.v)) - pdp->pco_req.l = sizeof(pdp->pco_req.v); - memcpy(pdp->pco_req.v, TLVP_VAL(tp, GSM48_IE_GSM_PROTO_CONF_OPT), - pdp->pco_req.l); + if (TLVP_PRESENT(tp, GSM48_IE_GSM_PROTO_CONF_OPT)) { + pdp->pco_req.l = TLVP_LEN(tp, GSM48_IE_GSM_PROTO_CONF_OPT); + if (pdp->pco_req.l > sizeof(pdp->pco_req.v)) + pdp->pco_req.l = sizeof(pdp->pco_req.v); + memcpy(pdp->pco_req.v, TLVP_VAL(tp, GSM48_IE_GSM_PROTO_CONF_OPT), + pdp->pco_req.l); + } else { + pdp->pco_req.l = 0; + } /* QoS options from GMM or remote */ if (TLVP_LEN(tp, OSMO_IE_GSM_SUB_QOS) > 0) { |