From patchwork Tue Apr 7 15:52:44 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jacob Erlbeck X-Patchwork-Id: 458708 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.osmocom.org (unknown [IPv6:2a01:4f8:191:444b::2:7]) by ozlabs.org (Postfix) with ESMTP id 6628D14027F for ; Wed, 8 Apr 2015 01:53:57 +1000 (AEST) Received: from lists.osmocom.org (lists.osmocom.org [144.76.43.76]) by lists.osmocom.org (Postfix) with ESMTP id 3AA622C6D; Tue, 7 Apr 2015 15:53:56 +0000 (UTC) X-Original-To: openbsc@lists.osmocom.org Delivered-To: openbsc@lists.osmocom.org Received: from ganesha.gnumonks.org (ganesha.gnumonks.org [213.95.27.120]) by lists.osmocom.org (Postfix) with ESMTP id C2F0E2C5C for ; Tue, 7 Apr 2015 15:53:54 +0000 (UTC) Received: from mail.sysmocom.de ([144.76.43.93]) by ganesha.gnumonks.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from ) id 1YfVoz-000738-6R for openbsc@lists.osmocom.org; Tue, 07 Apr 2015 17:53:54 +0200 Received: from sysmocom-tmp.am93.sysmocom.de (ip5b41c286.dynamic.kabel-deutschland.de [91.65.194.134]) by mail.sysmocom.de (Postfix) with ESMTPSA id 4F49CBBEFE; Tue, 7 Apr 2015 15:53:03 +0000 (UTC) From: Jacob Erlbeck To: openbsc@lists.osmocom.org Subject: [PATCH 2/3] bssgp: Ensure non-NULL bctx before calling bssgp_rx_ptp (Coverity) Date: Tue, 7 Apr 2015 17:52:44 +0200 Message-Id: <1428421965-3534-2-git-send-email-jerlbeck@sysmocom.de> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1428421965-3534-1-git-send-email-jerlbeck@sysmocom.de> References: <1428421965-3534-1-git-send-email-jerlbeck@sysmocom.de> X-Spam-Score: 0.8 (/) X-Spam-Report: SpamASsassin versoin 3.3.1 on ganesha.gnumonks.org summary: Content analysis details: (0.8 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.7 DNS_FROM_AHBL_RHSBL RBL: Envelope sender listed in dnsbl.ahbl.org -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0034] X-BeenThere: openbsc@lists.osmocom.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Development of the OpenBSC GSM base station controller List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openbsc-bounces@lists.osmocom.org Sender: "OpenBSC" Currently bssgp_rx_ptp might be called with bctx being NULL, when the NS BVCI is neither BVCI_SIGNALLING nor BVCI_PTM, but the message is a BVC_RESET or it contains an BVCI IE != BVCI_SIGNALLING where the BVCI is not known. This patch ensures that bssgp_rx_ptp will only be called with a non-NULL bctx. A log message will be issued, if the bctx is NULL when this was not expected. Fixes: Coverity CID 1040674 Sponsored-by: On-Waves ehf --- src/gb/gprs_bssgp.c | 7 ++++++- tests/gb/gprs_bssgp_test.c | 17 +++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/src/gb/gprs_bssgp.c b/src/gb/gprs_bssgp.c index a3fd6aa..4c93b69 100644 --- a/src/gb/gprs_bssgp.c +++ b/src/gb/gprs_bssgp.c @@ -1073,8 +1073,13 @@ int bssgp_rcvmsg(struct msgb *msg) rc = bssgp_rx_sign(msg, &tp, bctx); else if (ns_bvci == BVCI_PTM) rc = bssgp_tx_status(BSSGP_CAUSE_PDU_INCOMP_FEAT, NULL, msg); - else + else if (bctx) rc = bssgp_rx_ptp(msg, &tp, bctx); + else + LOGP(DBSSGP, LOGL_NOTICE, + "NSEI=%u/BVCI=%u Cannot handle PDU type %u for " + "unknown BVCI, NS BVCI %u\n", + msgb_nsei(msg), bvci, pdu_type, ns_bvci); return rc; } diff --git a/tests/gb/gprs_bssgp_test.c b/tests/gb/gprs_bssgp_test.c index 3d1384b..b454430 100644 --- a/tests/gb/gprs_bssgp_test.c +++ b/tests/gb/gprs_bssgp_test.c @@ -159,6 +159,22 @@ static void test_bssgp_status(void) printf("----- %s END\n", __func__); } +static void test_bssgp_bad_reset() +{ + struct msgb *msg = bssgp_msgb_alloc(); + uint16_t bvci_be = htons(2); + uint8_t cause = BSSGP_CAUSE_OML_INTERV; + + msgb_v_put(msg, BSSGP_PDUT_BVC_RESET); + msgb_tvlv_put(msg, BSSGP_IE_BVCI, sizeof(bvci_be), (uint8_t *)&bvci_be); + msgb_tvlv_put(msg, BSSGP_IE_CAUSE, sizeof(cause), &cause); + + msgb_bvci(msg) = 0xbad; + + msgb_bssgp_send_and_free(msg); +} + + static struct log_info info = {}; int main(int argc, char **argv) @@ -181,6 +197,7 @@ int main(int argc, char **argv) printf("===== BSSGP test START\n"); test_bssgp_suspend_resume(); test_bssgp_status(); + test_bssgp_bad_reset(); printf("===== BSSGP test END\n\n"); exit(EXIT_SUCCESS);