author | Vadim Yanitskiy <axilirator@gmail.com> | 2019-05-11 03:35:45 +0700 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2019-05-13 20:15:04 +0000 |
commit | 36c8153999483242deccacae490fdd15b55f3e95 (patch) | |
tree | 4fe3a3ffd254065e9ec0b22ed6b8ce55c7f1dca2 | |
parent | 678354f6baca6105ed7e026376b7279c7941e184 (diff) |
libmsc/gsm_04_11.c: fix NULL-pointer dereference in gsm340_rx_tpdu()
Change-Id: I1e9b351e949efe596295d18f98c8a73c8e013763
Fixes: CID#198451
-rw-r--r-- | src/libmsc/gsm_04_11.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/src/libmsc/gsm_04_11.c b/src/libmsc/gsm_04_11.c
index c5c30367c..a3b383068 100644
--- a/src/libmsc/gsm_04_11.c
+++ b/src/libmsc/gsm_04_11.c
@@ -457,14 +457,25 @@ static int gsm340_rx_tpdu(struct gsm_trans *trans, struct msgb *msg,
 uint8_t da_len_bytes;
 uint8_t address_lv[12]; /* according to 03.40 / 9.1.2.5 */
 int rc = 0;
- struct msc_a *msc_a = trans->msc_a;
- struct gsm_network *net = msc_a_net(msc_a);
- struct vlr_subscr *vsub = msc_a_vsub(msc_a);
+ struct gsm_network *net;
+ struct vlr_subscr *vsub;
- rate_ctr_inc(&net->msc_ctrs->ctr[MSC_CTR_SMS_SUBMITTED]);
+ if (!trans->msc_a) {
+ LOG_TRANS(trans, LOGL_ERROR, "Insufficient info to process TPDU: "
+ "MSC-A role is NULL?!?\n");
+ return GSM411_RP_CAUSE_MO_NET_OUT_OF_ORDER;
+ }
- if (!msc_a || !vsub)
+ net = msc_a_net(trans->msc_a);
+ vsub = msc_a_vsub(trans->msc_a);
+ if (!net || !vsub) {
+ LOG_TRANS(trans, LOGL_ERROR, "Insufficient info to process TPDU: "
+ "gsm_network and/or vlr_subscr is NULL?!?\n");
 return GSM411_RP_CAUSE_MO_NET_OUT_OF_ORDER;
+ }
+
+ /* FIXME: should we do this on success, after all checks? */
+ rate_ctr_inc(&net->msc_ctrs->ctr[MSC_CTR_SMS_SUBMITTED]);
 gsms = sms_alloc();
 if (!gsms) |
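Review bot: The `rate_ctr_inc()` for `MSC_CTR_SMS_SUBMITTED` now sits after the two new early returns but still before `sms_alloc()` and the rest of the TPDU handling, so the counter covers neither every received submission nor only the accepted ones. TPDUs rejected by the new NULL checks are visible only in the error log, which makes a burst of them hard to spot from counters alone. I would settle the open FIXME in this change and replace it with a comment stating what is counted, for example `/* counted once msc_a, net and vsub are known to be valid, before TPDU parsing */`, or move the increment to the success path if that is the intended meaning. Separately, `net->msc_ctrs` is still dereferenced without a check; presumably it is always allocated together with the `gsm_network`, but that is worth confirming since this path was flagged by static analysis. The body of `gsm340_rx_tpdu()` starts and continues outside the hunk, so the later failure paths are not visible here.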