cellular-infrastructure
/
osmo-mgw
mirror of https://gerrit.osmocom.org/osmo-mgw
10
0
Fork 0
Code Issues Releases Wiki Activity

osmux: fix nullpointer dereference 

in point_lookup() the connection pointer is determined using
mgcp_conn_get_rtp() this function may return 0. At the moment
there are no nullpointer checks implemented

Add checks to test for nullpointer.

Fixes: Coverity CID#178662
Change-Id: If9a3c1ac002bc8adc90ca1c1c3dd1db4feea07ac
This commit is contained in:
Philipp Maier 2017-11-07 12:18:38 +01:00 committed by Neels Hofmeyr
parent 653c4ff354
commit ddf1f9d7d5
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/libosmo-mgcp/mgcp_osmux.c
View File

@ -207,12 +207,18 @@ endpoint_lookup(struct mgcp_config *cfg, int cid,
case MGCP_DEST_NET:
/* FIXME: Get rid of CONN_ID_XXX! */
conn_net = mgcp_conn_get_rtp(endp, CONN_ID_NET);
this = &conn_net->end.addr;
if (conn_net)
this = &conn_net->end.addr;
else
this = NULL;
break;
case MGCP_DEST_BTS:
/* FIXME: Get rid of CONN_ID_XXX! */
conn_bts = mgcp_conn_get_rtp(endp, CONN_ID_BTS);
this = &conn_bts->end.addr;
if (conn_bts)
this = &conn_bts->end.addr;
else
this = NULL;
break;
default:
/* Should not ever happen */
@ -222,7 +228,8 @@ endpoint_lookup(struct mgcp_config *cfg, int cid,
/* FIXME: Get rid of CONN_ID_XXX! */
conn_net = mgcp_conn_get_rtp(endp, CONN_ID_NET);
if (conn_net->osmux.cid == cid && this->s_addr == from_addr->s_addr)
if (conn_net && this && conn_net->osmux.cid == cid
&& this->s_addr == from_addr->s_addr)
return endp;
}