From ae9beda1506ab06d898a4ec26bfd53d8fc211614 Mon Sep 17 00:00:00 2001
From: Philipp
Date: Wed, 28 Sep 2016 15:10:14 +0200
Subject: [PATCH] sndcp: Fixups for sndcp layer based on coverity-scan suggestions
- missing break in gprs_sndcp_pcomp.c, line 143
- string overflow in slhc_test.c, line 211
- sizeof mismatch in gprs_sndcp_xid.c, line 1369 and 1378
- mismatching signedness in gprs_sndcp_xid.c, line 1377
- needless < 0 comparison in gprs_sndcp_xid.c, line 477
- needless < 0 comparison in gprs_sndcp_xid.c, line 209
- missing returncode check in v42bis_test.c, line 320
- wrong pointer dereferentialization in gprs_sndcp_comp.c, line 73
Change-Id: I4f9adf251f5119e67ffe76baad6f1f996ac8dbad
---
openbsc/src/gprs/gprs_sndcp_comp.c | 2 +-
openbsc/src/gprs/gprs_sndcp_pcomp.c | 1 +
openbsc/src/gprs/gprs_sndcp_xid.c | 25 +++++++++++++------------
openbsc/tests/slhc/slhc_test.c | 2 ++
openbsc/tests/v42bis/v42bis_test.c | 1 +
5 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/openbsc/src/gprs/gprs_sndcp_comp.c b/openbsc/src/gprs/gprs_sndcp_comp.c
index b13cb8b23..cae0039a3 100644
--- a/openbsc/src/gprs/gprs_sndcp_comp.c
+++ b/openbsc/src/gprs/gprs_sndcp_comp.c
@@ -70,7 +70,7 @@ static struct gprs_sndcp_comp *gprs_sndcp_comp_create(const void *ctx,
 comp_field->v42bis_params->nsapi,
 sizeof(comp_entity->nsapi));
 } else if (comp_field->v44_params) {
- comp_entity->nsapi_len = comp_field->v42bis_params->nsapi_len;
+ comp_entity->nsapi_len = comp_field->v44_params->nsapi_len;
 memcpy(comp_entity->nsapi,
 comp_field->v42bis_params->nsapi,
 sizeof(comp_entity->nsapi));
diff --git a/openbsc/src/gprs/gprs_sndcp_pcomp.c b/openbsc/src/gprs/gprs_sndcp_pcomp.c
index 5f6fb2ce4..493b26399 100644
--- a/openbsc/src/gprs/gprs_sndcp_pcomp.c
+++ b/openbsc/src/gprs/gprs_sndcp_pcomp.c
@@ -141,6 +141,7 @@ static int rfc1144_expand(uint8_t *data, unsigned int len, uint8_t pcomp_index,
 switch (pcomp_index) {
 case 0:
 type = SL_TYPE_IP;
+ break;
 case 1:
 type = SL_TYPE_UNCOMPRESSED_TCP;
 break;
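Review bot: In the `else if (comp_field->v44_params)` branch of gprs_sndcp_comp_create (gprs_sndcp_comp.c), only the `nsapi_len` assignment was corrected; the `memcpy` on the following context lines still reads `comp_field->v42bis_params->nsapi`. If `v42bis_params` is NULL whenever this branch is taken, which the if/else chain suggests but the hunk does not show, that is a NULL pointer dereference; otherwise it copies the NSAPI list of the wrong parameter set. The source argument should be `comp_field->v44_params->nsapi`. The function body starts and ends outside the hunk.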
diff --git a/openbsc/src/gprs/gprs_sndcp_xid.c b/openbsc/src/gprs/gprs_sndcp_xid.c
index 270bdee11..bb43eab68 100644
--- a/openbsc/src/gprs/gprs_sndcp_xid.c
+++ b/openbsc/src/gprs/gprs_sndcp_xid.c
@@ -206,7 +206,6 @@ static int encode_pcomp_rohc_params(uint8_t *dst, unsigned int dst_maxlen,
 /* Bail if number of ROHC profiles exceeds limit
 * (ROHC supports only a maximum of 16 different profiles) */
- OSMO_ASSERT(params->profile_len >= 0);
 OSMO_ASSERT(params->profile_len <= 16);
 /* Zero out buffer */
@@ -475,8 +474,7 @@ static int encode_comp_field(uint8_t *dst, unsigned int dst_maxlen,
 for (i = 0; i < comp_field->comp_len; i++) {
 /* Check if submitted PCOMP/DCOMP values are within bounds */
- if ((comp_field->comp[i] < 0)
- || (comp_field->comp[i] > 0x0F))
+ if (comp_field->comp[i] > 0x0F)
 return -EINVAL;
 if (i & 1) {
@@ -1360,26 +1358,29 @@ static int gprs_sndcp_fill_table(struct
 {
 struct gprs_sndcp_comp_field *comp_field;
 int i = 0;
+ int rc;
 if (!comp_fields)
 return -EINVAL;
 if (!lt)
 return -EINVAL;
- memset(lt, 0, lt_len * sizeof(lt));
+ memset(lt, 0, sizeof(*lt));
 llist_for_each_entry(comp_field, comp_fields, list) {
+ if (comp_field->algo >= 0) {
+ lt[i].entity = comp_field->entity;
+ lt[i].algo = comp_field->algo;
+ rc = gprs_sndcp_get_compression_class(comp_field);
- lt[i].entity = comp_field->entity;
- lt[i].algo = comp_field->algo;
- lt[i].compclass = gprs_sndcp_get_compression_class(comp_field);
+ if (rc < 0) {
+ memset(lt, 0, sizeof(*lt));
+ return -EINVAL;
+ }
- if (lt[i].compclass < 0) {
- memset(lt, 0, lt_len * sizeof(lt));
- return -EINVAL;
+ lt[i].compclass = rc;
+ i++;
 }
-
- i++;
 }
 return i;
diff --git a/openbsc/tests/slhc/slhc_test.c b/openbsc/tests/slhc/slhc_test.c
index e8ea02f75..d2e1cd9dc 100644
--- a/openbsc/tests/slhc/slhc_test.c
+++ b/openbsc/tests/slhc/slhc_test.c
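Review bot: In gprs_sndcp_fill_table (gprs_sndcp_xid.c), both new `memset(lt, 0, sizeof(*lt));` calls clear only the first table entry, while the removed lines show the table is sized by `lt_len`; `memset(lt, 0, lt_len * sizeof(*lt));` would clear all of it, including on the error path where later entries may already be filled. The loop also stores to `lt[i]` for every accepted list entry without comparing `i` against `lt_len`, so a list with more entries than the table would write past its end. A guard such as `if (i >= lt_len) return -EINVAL;` before the first `lt[i]` store would bound it; the type of `lt_len` is not visible here, so the comparison may need a cast. The function signature and closing brace lie outside the hunk.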
@@ -182,6 +182,8 @@ static void test_slhc(const void *ctx)
 memset(packet, 0, sizeof(packet));
 memset(packet_compr, 0, sizeof(packet_compr));
 memset(packet_decompr, 0, sizeof(packet_decompr));
+
+ OSMO_ASSERT(strlen(packets[i]) < sizeof(packet_ascii));
 strcpy(packet_ascii, packets[i]);
 packet_len =
diff --git a/openbsc/tests/v42bis/v42bis_test.c b/openbsc/tests/v42bis/v42bis_test.c
index 4e055148e..7e907858d 100644
--- a/openbsc/tests/v42bis/v42bis_test.c
+++ b/openbsc/tests/v42bis/v42bis_test.c
@@ -318,6 +318,7 @@ static void test_v42bis_tcpip(const void *ctx, int packet_id)
 len = strlen(uncompr_packets[packet_id]);
 testvec = talloc_zero_size(ctx, len);
 len = osmo_hexparse(uncompr_packets[packet_id], testvec, len);
+ OSMO_ASSERT(len > 0);
 v42bis(ctx, V42BIS_COMPRESSION_MODE_DYNAMIC, testvec, len);
 v42bis(ctx, V42BIS_COMPRESSION_MODE_ALWAYS, testvec, len);
 v42bis(ctx, V42BIS_COMPRESSION_MODE_NEVER, testvec, len);
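Review bot: In test_v42bis_tcpip (v42bis_test.c), the added `OSMO_ASSERT(len > 0);` catches a failed osmo_hexparse() only if `len` is a signed type. Its declaration is outside the hunk, and because it also holds the `strlen()` result it may be unsigned, in which case a negative return would wrap to a large value and pass the assert. Storing the parse result in a separate `int rc`, asserting `rc > 0`, and then assigning `len = rc` would make the check independent of that declaration. `testvec` from `talloc_zero_size()` is also passed on without a NULL check.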