cellular-infrastructure
/
osmo-bsc
mirror of https://gerrit.osmocom.org/osmo-bsc
9
0
Fork 0
Code Issues Releases Wiki Activity

osmo_bsc_ctrl: make sure strtok results are checked 

The function set_bts_loc does not check the string pointers resturned by
strtok_r. In this particular case this is not a problem because the
function set_bts_lock will only see verfied input. However, lets check
the results anyway to avoid creating false positives in coverity scan.

Change-Id: Ie21c392e0405fc45811c6d55bf5508e9eb6784de
Fixes: CID#240849
This commit is contained in:
Philipp Maier 2021-11-05 18:29:01 +01:00 committed by laforge
parent a249babf20
commit 9a310f818f
1 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/osmo-bsc/osmo_bsc_ctrl.c
View File

@ -428,6 +428,20 @@ static int set_bts_loc(struct ctrl_cmd *cmd, void *data)
if (!tmp)
goto oom;
tstamp = strtok_r(tmp, ",", &saveptr);
valid = strtok_r(NULL, ",", &saveptr);
lat = strtok_r(NULL, ",", &saveptr);
lon = strtok_r(NULL, ",", &saveptr);
height = strtok_r(NULL, "\0", &saveptr);
/* Check if one of the strtok results was NULL. This will probably never occur since we will only see verified
* input in this code path */
if ((tstamp == NULL) || (valid == NULL) || (lat == NULL) || (lon == NULL) || (height == NULL)) {
talloc_free(tmp);
cmd->reply = "parse error";
return CTRL_CMD_ERROR;
}
curloc = talloc_zero(tall_bsc_ctx, struct bts_location);
if (!curloc) {
talloc_free(tmp);
@ -435,13 +449,6 @@ static int set_bts_loc(struct ctrl_cmd *cmd, void *data)
}
INIT_LLIST_HEAD(&curloc->list);
tstamp = strtok_r(tmp, ",", &saveptr);
valid = strtok_r(NULL, ",", &saveptr);
lat = strtok_r(NULL, ",", &saveptr);
lon = strtok_r(NULL, ",", &saveptr);
height = strtok_r(NULL, "\0", &saveptr);
curloc->tstamp = atol(tstamp);
curloc->valid = get_string_value(bts_loc_fix_names, valid);
curloc->lat = atof(lat);