gbproxy: Fix segfault when receiving PAGING for unknown destination

The 'nse' variable was used both as the input argument for the
SGSN-side NSE and as a loop iteration variable.  Let's separate
the two clearly.

Closes: OS#4904
Change-Id: I375a219cd72eb11a9a0cb7d55a3efb7b83b771ac
Harald Welte 2020-12-12 15:58:28 +01:00
parent 664c24e30e
commit df690e819b
1 changed files with 7 additions and 6 deletions


@ -828,11 +828,12 @@ err_no_bvc:
}
/* Receive paging request from SGSN, we need to relay to proper BSS */
static int gbprox_rx_paging(struct gbproxy_nse *nse, struct msgb *msg, const char *pdut_name,
static int gbprox_rx_paging(struct gbproxy_nse *sgsn_nse, struct msgb *msg, const char *pdut_name,
struct tlv_parsed *tp, uint16_t ns_bvci)
{
struct gbproxy_config *cfg = nse->cfg;
struct gbproxy_config *cfg = sgsn_nse->cfg;
struct gbproxy_bvc *sgsn_bvc, *bss_bvc;
struct gbproxy_nse *nse;
unsigned int n_nses = 0;
int errctr = GBPROX_GLOB_CTR_PROTO_ERR_SGSN;
int i, j;
@ -842,9 +843,9 @@ static int gbprox_rx_paging(struct gbproxy_nse *nse, struct msgb *msg, const cha
if (TLVP_PRES_LEN(tp, BSSGP_IE_BVCI, 2)) {
uint16_t bvci = ntohs(tlvp_val16_unal(tp, BSSGP_IE_BVCI));
errctr = GBPROX_GLOB_CTR_OTHER_ERR;
sgsn_bvc = gbproxy_bvc_by_bvci(nse, bvci);
sgsn_bvc = gbproxy_bvc_by_bvci(sgsn_nse, bvci);
if (!sgsn_bvc) {
LOGPNSE(nse, LOGL_NOTICE, "Rx %s: unable to route: BVCI=%05u unknown\n",
LOGPNSE(sgsn_nse, LOGL_NOTICE, "Rx %s: unable to route: BVCI=%05u unknown\n",
pdut_name, bvci);
rate_ctr_inc(&cfg->ctrg->ctr[errctr]);
return -EINVAL;
@ -893,12 +894,12 @@ static int gbprox_rx_paging(struct gbproxy_nse *nse, struct msgb *msg, const cha
}
}
} else {
LOGPNSE(nse, LOGL_ERROR, "BSSGP PAGING: unable to route, missing IE\n");
LOGPNSE(sgsn_nse, LOGL_ERROR, "BSSGP PAGING: unable to route, missing IE\n");
rate_ctr_inc(&cfg->ctrg->ctr[errctr]);
}
if (n_nses == 0) {
LOGPNSE(nse, LOGL_ERROR, "BSSGP PAGING: unable to route, no destination found\n");
LOGPNSE(sgsn_nse, LOGL_ERROR, "BSSGP PAGING: unable to route, no destination found\n");
rate_ctr_inc(&cfg->ctrg->ctr[errctr]);
return -EINVAL;
}
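Review bot: On the missing-IE path the `else` branch logs and increments `cfg->ctrg->ctr[errctr]`, then falls through into the `n_nses == 0` check, which logs and increments the same counter again. Assuming `n_nses` is only raised in the routing branches outside the visible hunks, every PAGING without a routing IE is counted and logged twice, which skews the counter as a monitoring signal. Adding `return -EINVAL;` right after the `rate_ctr_inc()` in the `else` branch would match what the unknown-BVCI path already does. Because the crash was reachable from a single PAGING PDU received from the SGSN side, a regression test that feeds a PAGING for an unknown destination and expects `-EINVAL` would keep `sgsn_nse` and the loop variable from being merged again. The body of gbprox_rx_paging() begins and continues outside the hunks shown here.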