diff options
| author | Philipp Maier <pmaier@sysmocom.de> | 2021-11-05 18:29:01 +0100 |
|---|---|---|
| committer | laforge <laforge@osmocom.org> | 2021-11-11 09:00:39 +0000 |
| commit | 9a310f818fe945e5d1c682f7d6a71fac384c88d1 (patch) | |
| tree | 55ebd728a8a2fac24b522a59d852601f942b2d34 | |
| parent | a249babf20c5cc42bbb3f8f4554e54a585f8d564 (diff) | |
osmo_bsc_ctrl: make sure strtok results are checked
The function set_bts_loc does not check the string pointers resturned by
strtok_r. In this particular case this is not a problem because the
function set_bts_lock will only see verfied input. However, lets check
the results anyway to avoid creating false positives in coverity scan.
Change-Id: Ie21c392e0405fc45811c6d55bf5508e9eb6784de
Fixes: CID#240849
| -rw-r--r-- | src/osmo-bsc/osmo_bsc_ctrl.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/src/osmo-bsc/osmo_bsc_ctrl.c b/src/osmo-bsc/osmo_bsc_ctrl.c index 1eea6901b..969efb5a3 100644 --- a/src/osmo-bsc/osmo_bsc_ctrl.c +++ b/src/osmo-bsc/osmo_bsc_ctrl.c @@ -428,6 +428,20 @@ static int set_bts_loc(struct ctrl_cmd *cmd, void *data) if (!tmp) goto oom; + tstamp = strtok_r(tmp, ",", &saveptr); + valid = strtok_r(NULL, ",", &saveptr); + lat = strtok_r(NULL, ",", &saveptr); + lon = strtok_r(NULL, ",", &saveptr); + height = strtok_r(NULL, "\0", &saveptr); + + /* Check if one of the strtok results was NULL. This will probably never occur since we will only see verified + * input in this code path */ + if ((tstamp == NULL) || (valid == NULL) || (lat == NULL) || (lon == NULL) || (height == NULL)) { + talloc_free(tmp); + cmd->reply = "parse error"; + return CTRL_CMD_ERROR; + } + curloc = talloc_zero(tall_bsc_ctx, struct bts_location); if (!curloc) { talloc_free(tmp); @@ -435,13 +449,6 @@ static int set_bts_loc(struct ctrl_cmd *cmd, void *data) } INIT_LLIST_HEAD(&curloc->list); - - tstamp = strtok_r(tmp, ",", &saveptr); - valid = strtok_r(NULL, ",", &saveptr); - lat = strtok_r(NULL, ",", &saveptr); - lon = strtok_r(NULL, ",", &saveptr); - height = strtok_r(NULL, "\0", &saveptr); - curloc->tstamp = atol(tstamp); curloc->valid = get_string_value(bts_loc_fix_names, valid); curloc->lat = atof(lat); |