[1/2] msgb: Check the return value of msgb_alloc (Coverity)
diff mbox

Message ID 1428582142-5416-1-git-send-email-jerlbeck@sysmocom.de
State Accepted
Headers show

Commit Message

Jacob Erlbeck April 9, 2015, 12:22 p.m. UTC
In some places, the return value of msgb_alloc/msgb_alloc_headroom
is not checked before it is dereferenced.

This commit adds NULL checks to return with -ENOMEM from the calling
functions if the alloc function has failed.

Fixes: Coverity CID 1249692, 1293376
Sponsored-by: On-Waves ehf
---
 src/gsm/lapdm.c  | 3 +++
 src/sim/reader.c | 3 +++
 2 files changed, 6 insertions(+)

Patch
diff mbox

diff --git a/src/gsm/lapdm.c b/src/gsm/lapdm.c
index 698f850..54d3a0b 100644
--- a/src/gsm/lapdm.c
+++ b/src/gsm/lapdm.c
@@ -675,6 +675,9 @@  static int l2_ph_rach_ind(struct lapdm_entity *le, uint8_t ra, uint32_t fn, uint
 	struct gsm_time gt;
 	struct msgb *msg = msgb_alloc_headroom(512, 64, "RSL CHAN RQD");
 
+	if (!msg)
+		return -ENOMEM;
+
 	msg->l2h = msgb_push(msg, sizeof(*ch));
 	ch = (struct abis_rsl_cchan_hdr *)msg->l2h;
 	rsl_init_cchan_hdr(ch, RSL_MT_CHAN_RQD);
diff --git a/src/sim/reader.c b/src/sim/reader.c
index 160f175..e7169b5 100644
--- a/src/sim/reader.c
+++ b/src/sim/reader.c
@@ -58,6 +58,9 @@  static int transceive_apdu_t0(struct osim_card_hdl *st, struct msgb *amsg)
 	uint16_t sw;
 	int rc, num_resp = 0;
 
+	if (!tmsg)
+		return -ENOMEM;
+
 	/* create TPDU header from APDU header */
 	tpduh = (struct osim_apdu_cmd_hdr *) msgb_put(tmsg, sizeof(*tpduh));
 	memcpy(tpduh, msgb_apdu_h(amsg), sizeof(*tpduh));