From be55e1fd83f768aadfc8e8c1cd19d4f810bb9cfe Mon Sep 17 00:00:00 2001
From: Vadim Yanitskiy <vyanitskiy@sysmocom.de>
Date: Sat, 9 Dec 2023 05:19:06 +0700
Subject: [PATCH] llc: fix l3par check in gprs_llc_lle_generate_xid()

A NULL pointer dereference is possible if this function is called
with l3par being NULL, but l3par_len being greater than 0.

Change-Id: I80c18a45a248b85901d455bfb17e81734fa5961d
Fixes: CID#300602
---
 src/llc/llc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/llc/llc.c b/src/llc/llc.c
index 48d1ba6..f8c6ba1 100644
--- a/src/llc/llc.c
+++ b/src/llc/llc.c
@@ -475,7 +475,7 @@ static int gprs_llc_lle_generate_xid(struct gprs_llc_lle *lle, uint8_t *bytes, i
 	xid_fields[2].type = OSMO_GPRS_LLC_XID_T_N201_I;
 	xid_fields[2].val = lle->params.n201_i;
 
-	if (l3par_len > 0) {
+	if (l3par != NULL && l3par_len > 0) {
 		xid_fields[3].type = OSMO_GPRS_LLC_XID_T_L3_PAR;
 		xid_fields[3].var.val_len = l3par_len;
 		if (l3par_len > 0) {