From 962b33ea9d9640bcd0ed0f18c278cc55207d0f46 Mon Sep 17 00:00:00 2001 From: Philipp Date: Mon, 9 Jan 2017 12:30:40 +0100 Subject: [PATCH] OML: fix possible segfault: add NULL check in oml_ipa_set_attr() oml_ipa_set_attr() is using gsm_objclass2mo() to determine the *mo object. However, it is possible that gsm_objclass2mo() returns a null-pointer. The code following up is using *mo without checking. Reject instead of dereferencing a NULL *mo. Fixes: coverity scan CID#159533 Change-Id: Ia2cc9bc504c46ca3843c43d712cd8649bfae9526
---
 src/common/oml.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/common/oml.c b/src/common/oml.c
index 8ccfcc663..88c9abd64 100644
--- a/src/common/oml.c
+++ b/src/common/oml.c
@@ -1048,6 +1048,8 @@ static int oml_ipa_set_attr(struct gsm_bts *bts, struct msgb *msg)
 rc = oml_tlv_parse(&tp, foh->data, msgb_l3len(msg) - sizeof(*foh));
 if (rc < 0) {
 mo = gsm_objclass2mo(bts, foh->obj_class, &foh->obj_inst);
+ if (!mo)
+ return oml_fom_ack_nack(msg, NM_NACK_OBJINST_UNKN);
 oml_tx_failure_event_rep(mo, OSMO_EVT_MAJ_UNSUP_ATTR,
 "New value for IPAC Set Attribute not "
 "supported\n");
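Review bot: The new early return in the `rc < 0` branch rejects the message silently: when `gsm_objclass2mo()` returns NULL, neither the failure event report nor any log line records that a Set Attribute with an unparsable TLV body and an unknown object class or instance arrived from the OML peer. Since `foh->obj_class` and `foh->obj_inst` are read straight from the received message, I would log them before the NACK, for example `LOGP(DOML, LOGL_ERROR, "IPA Set Attribute for unknown object class 0x%02x\n", foh->obj_class);`, and put braces around the resulting two-statement body. The function continues outside the hunk, so if the rest of it uses another `gsm_objclass2mo()` result, that result needs the same NULL check.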