diff options
author | Philipp <pmaier@sysmocom.de> | 2016-09-28 15:10:14 +0200 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2016-10-28 13:43:10 +0000 |
commit | ae9beda1506ab06d898a4ec26bfd53d8fc211614 (patch) | |
tree | ecb9c91ca5aaedbd1cd57092697bc3738bbc3b16 | |
parent | 1b76a03cddcfb52c1ebd5a6f0d990128058a516c (diff) |
sndcp: Fixups for sndcp layer based on coverity-scan suggestions
- missing break in gprs_sndcp_pcomp.c, line 143
- string overflow in slhc_test.c, line 211
- sizeof mismatch in gprs_sndcp_xid.c, line 1369 and 1378
- mismatching signedness in gprs_sndcp_xid.c, line 1377
- needless < 0 comparison in gprs_sndcp_xid.c, line 477
- needless < 0 comparison in gprs_sndcp_xid.c, line 209
- missing returncode check in v42bis_test.c, line 320
- wrong pointer dereferentialization in gprs_sndcp_comp.c, line 73
Change-Id: I4f9adf251f5119e67ffe76baad6f1f996ac8dbad
-rw-r--r-- | openbsc/src/gprs/gprs_sndcp_comp.c | 2 | ||||
-rw-r--r-- | openbsc/src/gprs/gprs_sndcp_pcomp.c | 1 | ||||
-rw-r--r-- | openbsc/src/gprs/gprs_sndcp_xid.c | 25 | ||||
-rw-r--r-- | openbsc/tests/slhc/slhc_test.c | 2 | ||||
-rw-r--r-- | openbsc/tests/v42bis/v42bis_test.c | 1 |
5 files changed, 18 insertions, 13 deletions
diff --git a/openbsc/src/gprs/gprs_sndcp_comp.c b/openbsc/src/gprs/gprs_sndcp_comp.c index b13cb8b23..cae0039a3 100644 --- a/openbsc/src/gprs/gprs_sndcp_comp.c +++ b/openbsc/src/gprs/gprs_sndcp_comp.c @@ -70,7 +70,7 @@ static struct gprs_sndcp_comp *gprs_sndcp_comp_create(const void *ctx, comp_field->v42bis_params->nsapi, sizeof(comp_entity->nsapi)); } else if (comp_field->v44_params) { - comp_entity->nsapi_len = comp_field->v42bis_params->nsapi_len; + comp_entity->nsapi_len = comp_field->v44_params->nsapi_len; memcpy(comp_entity->nsapi, comp_field->v42bis_params->nsapi, sizeof(comp_entity->nsapi)); diff --git a/openbsc/src/gprs/gprs_sndcp_pcomp.c b/openbsc/src/gprs/gprs_sndcp_pcomp.c index 5f6fb2ce4..493b26399 100644 --- a/openbsc/src/gprs/gprs_sndcp_pcomp.c +++ b/openbsc/src/gprs/gprs_sndcp_pcomp.c @@ -141,6 +141,7 @@ static int rfc1144_expand(uint8_t *data, unsigned int len, uint8_t pcomp_index, switch (pcomp_index) { case 0: type = SL_TYPE_IP; + break; case 1: type = SL_TYPE_UNCOMPRESSED_TCP; break; diff --git a/openbsc/src/gprs/gprs_sndcp_xid.c b/openbsc/src/gprs/gprs_sndcp_xid.c index 270bdee11..bb43eab68 100644 --- a/openbsc/src/gprs/gprs_sndcp_xid.c +++ b/openbsc/src/gprs/gprs_sndcp_xid.c @@ -206,7 +206,6 @@ static int encode_pcomp_rohc_params(uint8_t *dst, unsigned int dst_maxlen, /* Bail if number of ROHC profiles exceeds limit * (ROHC supports only a maximum of 16 different profiles) */ - OSMO_ASSERT(params->profile_len >= 0); OSMO_ASSERT(params->profile_len <= 16); /* Zero out buffer */ @@ -475,8 +474,7 @@ static int encode_comp_field(uint8_t *dst, unsigned int dst_maxlen, for (i = 0; i < comp_field->comp_len; i++) { /* Check if submitted PCOMP/DCOMP values are within bounds */ - if ((comp_field->comp[i] < 0) - || (comp_field->comp[i] > 0x0F)) + if (comp_field->comp[i] > 0x0F) return -EINVAL; if (i & 1) { @@ -1360,26 +1358,29 @@ static int gprs_sndcp_fill_table(struct { struct gprs_sndcp_comp_field *comp_field; int i = 0; + int rc; if (!comp_fields) return -EINVAL; if (!lt) return -EINVAL; - memset(lt, 0, lt_len * sizeof(lt)); + memset(lt, 0, sizeof(*lt)); llist_for_each_entry(comp_field, comp_fields, list) { + if (comp_field->algo >= 0) { + lt[i].entity = comp_field->entity; + lt[i].algo = comp_field->algo; + rc = gprs_sndcp_get_compression_class(comp_field); - lt[i].entity = comp_field->entity; - lt[i].algo = comp_field->algo; - lt[i].compclass = gprs_sndcp_get_compression_class(comp_field); + if (rc < 0) { + memset(lt, 0, sizeof(*lt)); + return -EINVAL; + } - if (lt[i].compclass < 0) { - memset(lt, 0, lt_len * sizeof(lt)); - return -EINVAL; + lt[i].compclass = rc; + i++; } - - i++; } return i; diff --git a/openbsc/tests/slhc/slhc_test.c b/openbsc/tests/slhc/slhc_test.c index e8ea02f75..d2e1cd9dc 100644 --- a/openbsc/tests/slhc/slhc_test.c +++ b/openbsc/tests/slhc/slhc_test.c @@ -182,6 +182,8 @@ static void test_slhc(const void *ctx) memset(packet, 0, sizeof(packet)); memset(packet_compr, 0, sizeof(packet_compr)); memset(packet_decompr, 0, sizeof(packet_decompr)); + + OSMO_ASSERT(strlen(packets[i]) < sizeof(packet_ascii)); strcpy(packet_ascii, packets[i]); packet_len = diff --git a/openbsc/tests/v42bis/v42bis_test.c b/openbsc/tests/v42bis/v42bis_test.c index 4e055148e..7e907858d 100644 --- a/openbsc/tests/v42bis/v42bis_test.c +++ b/openbsc/tests/v42bis/v42bis_test.c @@ -318,6 +318,7 @@ static void test_v42bis_tcpip(const void *ctx, int packet_id) len = strlen(uncompr_packets[packet_id]); testvec = talloc_zero_size(ctx, len); len = osmo_hexparse(uncompr_packets[packet_id], testvec, len); + OSMO_ASSERT(len > 0); v42bis(ctx, V42BIS_COMPRESSION_MODE_DYNAMIC, testvec, len); v42bis(ctx, V42BIS_COMPRESSION_MODE_ALWAYS, testvec, len); v42bis(ctx, V42BIS_COMPRESSION_MODE_NEVER, testvec, len); |