mirror of https://gerrit.osmocom.org/libosmocore
tlv_put: guard against NULL val and 0 len
For example encode_auth_info() from gsup.c calls msgb_tlv_put(msg, iei, 0, NULL) to put a tag and len with content data following later. However, this would cause a memcpy() from a NULL pointer, in tlv_put(). Allow passing NULL and len = 0 for cases like the above: If val is NULL, use memset(0) instead of memcpy(). If len is zero, do not copy nor memset anything. Hence make tlv_put() behave in a well-defined and valid way for any and all input args; no negative fallout is possible from this patch. Add proper API doc comment. Fixes a sanitizer build failure in gsup_test: ../../../../src/libosmocore/include/osmocom/gsm/tlv.h:99:2: runtime error: null pointer passed as argument 2, which is declared to never be null Helps fix sanitizer build on debian 9. Change-Id: I13dce9cd1228817890d3e81edeeb660c893c1d64
This commit is contained in:
parent
85f5a2cd9c
commit
e750980d6c
|
@ -90,13 +90,24 @@ static inline uint8_t *lv_put(uint8_t *buf, uint8_t len,
|
||||||
return buf + len;
|
return buf + len;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*! put (append) a TLV field */
|
/*! Append a TLV field, a Tag-Length-Value field.
|
||||||
|
* \param[out] buf Location in a buffer to append TLV at.
|
||||||
|
* \param[in] tag Tag id to write.
|
||||||
|
* \param[in] len Length field to write and amount of bytes to append.
|
||||||
|
* \param[in] val Pointer to data to append, or NULL to append zero data.
|
||||||
|
* Always append tag and length. Append \a len bytes read from \a val. If val is NULL, append \a len zero
|
||||||
|
* bytes instead. If \a len is zero, do not append any data apart from tag and length. */
|
||||||
static inline uint8_t *tlv_put(uint8_t *buf, uint8_t tag, uint8_t len,
|
static inline uint8_t *tlv_put(uint8_t *buf, uint8_t tag, uint8_t len,
|
||||||
const uint8_t *val)
|
const uint8_t *val)
|
||||||
{
|
{
|
||||||
*buf++ = tag;
|
*buf++ = tag;
|
||||||
*buf++ = len;
|
*buf++ = len;
|
||||||
|
if (len) {
|
||||||
|
if (val)
|
||||||
memcpy(buf, val, len);
|
memcpy(buf, val, len);
|
||||||
|
else
|
||||||
|
memset(buf, 0, len);
|
||||||
|
}
|
||||||
return buf + len;
|
return buf + len;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue