diff options
authorPhilipp <pmaier@sysmocom.de>2017-01-09 12:30:40 +0100
committerdexter <pmaier@sysmocom.de>2017-01-10 14:14:51 +0000
commit962b33ea9d9640bcd0ed0f18c278cc55207d0f46 (patch)
parent563b744b3801bede7b03e48e09edbd9c328862ab (diff)
OML: fix possible segfault: add NULL check in oml_ipa_set_attr()
oml_ipa_set_attr() is using gsm_objclass2mo() to determine the *mo object. However, it is possible that gsm_objclass2mo() returns a null-pointer. The code following up is using *mo without checking. Reject instead of dereferencing a NULL *mo. Fixes: coverity scan CID#159533 Change-Id: Ia2cc9bc504c46ca3843c43d712cd8649bfae9526
1 files changed, 2 insertions, 0 deletions
diff --git a/src/common/oml.c b/src/common/oml.c
index 8ccfcc66..88c9abd6 100644
--- a/src/common/oml.c
+++ b/src/common/oml.c
@@ -1048,6 +1048,8 @@ static int oml_ipa_set_attr(struct gsm_bts *bts, struct msgb *msg)
rc = oml_tlv_parse(&tp, foh->data, msgb_l3len(msg) - sizeof(*foh));
if (rc < 0) {
mo = gsm_objclass2mo(bts, foh->obj_class, &foh->obj_inst);
+ if (!mo)
+ return oml_fom_ack_nack(msg, NM_NACK_OBJINST_UNKN);
oml_tx_failure_event_rep(mo, OSMO_EVT_MAJ_UNSUP_ATTR,
"New value for IPAC Set Attribute not "