gsm_04_08: Fix nullpointer deref
The pointers conn, conn->vsub and conn->vsub->last_tuple are checked, but before the check those pointers are already dereferenced during assignment. This defeats the purpose of the check. Let's dereference those pointers after the check. Fixes: CID#190404 Change-Id: Ice4992606f3799eac13154ec0b9f53e46d2e178e
parent
9b9e76fe01
commit
ec5901c8f2
|
@ -1603,12 +1603,12 @@ osmo_static_assert(sizeof(((struct gsm0808_encrypt_info*)0)->key) >= sizeof(((st
|
|||
|
||||
int ran_conn_geran_set_cipher_mode(struct ran_conn *conn, bool umts_aka, bool retrieve_imeisv)
|
||||
{
|
||||
struct gsm_network *net = conn->network;
|
||||
struct gsm_network *net;
|
||||
struct gsm0808_encrypt_info ei;
|
||||
int i, j = 0;
|
||||
int request_classmark = 0;
|
||||
int request_classmark_for_a5_n = 0;
|
||||
struct vlr_auth_tuple *tuple = conn->vsub->last_tuple;
|
||||
struct vlr_auth_tuple *tuple;
|
||||
|
||||
if (!conn || !conn->vsub || !conn->vsub->last_tuple) {
|
||||
/* This should really never happen, because we checked this in msc_vlr_set_ciph_mode()
|
||||
|
@ -1617,6 +1617,9 @@ int ran_conn_geran_set_cipher_mode(struct ran_conn *conn, bool umts_aka, bool re
|
|||
return -EINVAL;
|
||||
}
|
||||
|
||||
net = conn->network;
|
||||
tuple = conn->vsub->last_tuple;
|
||||
|
||||
for (i = 0; i < 8; i++) {
|
||||
int supported;
|
||||
|
||||
|
|
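Review bot: The relocated `net = conn->network;` is stored without a check, while the guard above it only covers conn, conn->vsub and conn->vsub->last_tuple. If net is dereferenced later in ran_conn_geran_set_cipher_mode (the body continues outside this hunk), a NULL network pointer would still crash there. If that state is possible, extend the condition to `if (!conn || !conn->vsub || !conn->vsub->last_tuple || !conn->network) {`. If it is not possible, a short comment at the assignment stating that invariant would help. A comment such as `/* dereference only after the NULL checks above */` on the two assignments would also keep a later cleanup from moving them back into the declarations, where the early dereference lets a compiler assume conn is non-NULL and drop the check.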