From 677b5396cbdf3d98b31190dbbd4b668995ffe936 Mon Sep 17 00:00:00 2001 From: Neels Hofmeyr Date: Fri, 8 Dec 2023 06:49:32 +0100 Subject: [PATCH] fix possible NULL deref on early media end.codec may be NULL, depending on whether a single matching codec could be found or not, i.e. based on external input. So let's not crash if an RTP packet arrives while end.codec == NULL. Change-Id: I9bfb55a343b3f2b1459e0aba4ee71a6133b992b3 --- src/libosmo-mgcp/mgcp_network.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/libosmo-mgcp/mgcp_network.c b/src/libosmo-mgcp/mgcp_network.c index 674c0964f..e37437dfa 100644 --- a/src/libosmo-mgcp/mgcp_network.c +++ b/src/libosmo-mgcp/mgcp_network.c @@ -1514,8 +1514,9 @@ static int rx_rtp(struct msgb *msg) return -1; /* Handle AMR frame format conversion (octet-aligned vs. bandwith-efficient) */ - if (mc->proto == MGCP_PROTO_RTP && - mgcp_codec_amr_align_mode_is_indicated(conn_src->end.codec)) { + if (mc->proto == MGCP_PROTO_RTP + && conn_src->end.codec + && mgcp_codec_amr_align_mode_is_indicated(conn_src->end.codec)) { /* Make sure that the incoming AMR frame format matches the frame format that the call agent has * communicated via SDP when the connection was created/modfied. */ int oa = amr_oa_check((char*)msgb_data(msg), msgb_length(msg));