From 968a6c2365c0f772fa65ebe66466715d6861e7fc Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sun, 10 Sep 2017 20:38:06 +0200 Subject: libmsc: sms_route_mt_sms() may return uninitialized return value If smpp_first is set off and there is a local receiver for this sms, then return 0. Without this patch, we return 'rc' which is uninitialized in the scenario that I'm describing above. Change-Id: I0c0bcd919cc3275d491995d17c6a32bb61c6afe1
---
openbsc/src/libmsc/gsm_04_11.c | 41 +++++++++++++++++++++-------------------- 1 file changed, 21 insertions(+), 20 deletions(-) (limited to 'openbsc')
diff --git a/openbsc/src/libmsc/gsm_04_11.c b/openbsc/src/libmsc/gsm_04_11.c
index 27bffc9b3..25ef48776 100644
--- a/openbsc/src/libmsc/gsm_04_11.c
+++ b/openbsc/src/libmsc/gsm_04_11.c
@@ -363,30 +363,31 @@ try_local: /* determine gsms->receiver based on dialled number */ gsms->receiver = subscr_get_by_extension(conn->network->subscr_group, gsms->dst.addr); - if (!gsms->receiver) { + if (gsms->receiver) + return 0; + #ifdef BUILD_SMPP - /* Avoid a second look-up */ - if (smpp_first) { - rate_ctr_inc(&conn->network->msc_ctrs->ctr[MSC_CTR_SMS_NO_RECEIVER]); - return GSM411_RP_CAUSE_MO_NUM_UNASSIGNED; - } + /* Avoid a second look-up */ + if (smpp_first) { + rate_ctr_inc(&conn->network->msc_ctrs->ctr[MSC_CTR_SMS_NO_RECEIVER]); + return GSM411_RP_CAUSE_MO_NUM_UNASSIGNED; + } - rc = smpp_try_deliver(gsms, conn); - if (rc == GSM411_RP_CAUSE_MO_NUM_UNASSIGNED) { - rate_ctr_inc(&conn->network->msc_ctrs->ctr[MSC_CTR_SMS_NO_RECEIVER]); - } else if (rc < 0) { - LOGP(DLSMS, LOGL_ERROR, "%s: SMS delivery error: %d.", - subscr_name(conn->subscr), rc); - rc = GSM411_RP_CAUSE_MO_TEMP_FAIL; - /* rc will be logged by gsm411_send_rp_error() */ - rate_ctr_inc(&conn->bts->network->msc_ctrs->ctr[ - MSC_CTR_SMS_DELIVER_UNKNOWN_ERROR]); - } -#else - rc = GSM411_RP_CAUSE_MO_NUM_UNASSIGNED; + rc = smpp_try_deliver(gsms, conn); + if (rc == GSM411_RP_CAUSE_MO_NUM_UNASSIGNED) { rate_ctr_inc(&conn->network->msc_ctrs->ctr[MSC_CTR_SMS_NO_RECEIVER]); -#endif + } else if (rc < 0) { + LOGP(DLSMS, LOGL_ERROR, "%s: SMS delivery error: %d.", + subscr_name(conn->subscr), rc); + rc = GSM411_RP_CAUSE_MO_TEMP_FAIL; + /* rc will be logged by gsm411_send_rp_error() */ + rate_ctr_inc(&conn->bts->network->msc_ctrs->ctr[ + MSC_CTR_SMS_DELIVER_UNKNOWN_ERROR]); } +#else + rc = GSM411_RP_CAUSE_MO_NUM_UNASSIGNED; + rate_ctr_inc(&conn->network->msc_ctrs->ctr[MSC_CTR_SMS_NO_RECEIVER]); +#endif return rc; } -- cgit v1.2.3
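Review bot: The unknown-error branch bumps its counter through `conn->bts->network->msc_ctrs`, while the other three counter updates in this hunk go through `conn->network->msc_ctrs`. If `conn->bts` can be unset on any path that reaches this branch (not visible from here), that is a NULL dereference reachable only on the delivery-error path. I would write it as `rate_ctr_inc(&conn->network->msc_ctrs->ctr[MSC_CTR_SMS_DELIVER_UNKNOWN_ERROR]);` to match its neighbours. The `LOGP` format string `"%s: SMS delivery error: %d."` also has no trailing `\n`, so this message will likely run into the next log entry. The function begins before the hunk, so the declaration of `rc` and the code that jumps to `try_local` are not visible here.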