authorPau Espin Pedrol <pespin@sysmocom.de>2018-07-17 17:39:16 +0200
committerPau Espin Pedrol <pespin@sysmocom.de>2018-07-19 10:09:11 +0000
commitc6cef69eef48a9846bd89ea5cca516a70fa894b5 (patch)
tree9f2f1047638f6be922ec59a473a2a71b59546cf3 /src/gprs/sgsn_cdr.c
parentfaeea348d6245fd7625bcb718a583283bc09f99d (diff)
sgsn: cdr: Fix uninitialized string access if ggsn is detached
If pdp->ggsn == NULL, sgsn_addr was not initialized, which caused an ASan report during snprintf: ==19459==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffffffbe31 at pc 0x7ffff6e563fe bp 0x7fffffffb130 sp 0x7fffffffa8a8 READ of size 31 at 0x7fffffffbe31 thread T0 ... Address 0x7fffffffbe31 is located in stack of thread T0 at offset 337 in frame #0 0x55555573a7b0 in cdr_snprintf_pdp osmo-sgsn/src/gprs/sgsn_cdr.c:154 ... [320, 337) 'sgsn_addr' <== Memory access at offset 337 overflows this variable ... Change-Id: I97bc56a4e3e76725eb2717b74b3ac125b68bbf0a
Diffstat (limited to 'src/gprs/sgsn_cdr.c')
1 files changed, 1 insertions, 0 deletions
diff --git a/src/gprs/sgsn_cdr.c b/src/gprs/sgsn_cdr.c
index 55aa6649..7380e74d 100644
--- a/src/gprs/sgsn_cdr.c
+++ b/src/gprs/sgsn_cdr.c
@@ -164,6 +164,7 @@ static int cdr_snprintf_pdp(char *buf, size_t size, const char *ev,
memset(apni, 0, sizeof(apni));
memset(ggsn_addr, 0, sizeof(ggsn_addr));
+ memset(sgsn_addr, 0, sizeof(sgsn_addr));
memset(eua_addr, 0, sizeof(eua_addr));