From patchwork Thu Apr 9 12:22:21 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jacob Erlbeck
X-Patchwork-Id: 459722
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.osmocom.org (tmp.osmocom.org [144.76.43.76]) by ozlabs.org (Postfix) with ESMTP id E21111402DC for ; Thu, 9 Apr 2015 22:23:10 +1000 (AEST)
Received: from lists.osmocom.org (lists.osmocom.org [144.76.43.76]) by lists.osmocom.org (Postfix) with ESMTP id 9D3094505; Thu, 9 Apr 2015 12:23:07 +0000 (UTC)
X-Original-To: openbsc@lists.osmocom.org
Delivered-To: openbsc@lists.osmocom.org
Received: from mail.sysmocom.de (mail.sysmocom.de [IPv6:2a01:4f8:191:444c::2:4]) by lists.osmocom.org (Postfix) with ESMTP id 7242144E7 for ; Thu, 9 Apr 2015 12:23:04 +0000 (UTC)
Received: from sysmocom-tmp.am93.sysmocom.de (ip5b41c286.dynamic.kabel-deutschland.de [91.65.194.134]) by mail.sysmocom.de (Postfix) with ESMTPSA id 96877BD543; Thu, 9 Apr 2015 12:22:32 +0000 (UTC)
From: Jacob Erlbeck
To: openbsc@lists.osmocom.org
Subject: [PATCH 1/2] msgb: Check the return value of msgb_alloc (Coverity)
Date: Thu, 9 Apr 2015 14:22:21 +0200
Message-Id: <1428582142-5416-1-git-send-email-jerlbeck@sysmocom.de>
X-Mailer: git-send-email 1.9.1
X-BeenThere: openbsc@lists.osmocom.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Development of the OpenBSC GSM base station controller
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Errors-To: openbsc-bounces@lists.osmocom.org
Sender: "OpenBSC"

In some places, the return value of msgb_alloc/msgb_alloc_headroom is
not checked before it is dereferenced.

This commit adds NULL checks to return with -ENOMEM from the calling
functions if the alloc function has failed.

Fixes: Coverity CID 1249692, 1293376

Sponsored-by: On-Waves ehf
---
 src/gsm/lapdm.c  | 3 +++
 src/sim/reader.c | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/src/gsm/lapdm.c b/src/gsm/lapdm.c index 698f850..54d3a0b 100644 --- a/src/gsm/lapdm.c +++ b/src/gsm/lapdm.c @@ -675,6 +675,9 @@ static int l2_ph_rach_ind(struct lapdm_entity *le, uint8_t ra, uint32_t fn, uint struct gsm_time gt; struct msgb *msg = msgb_alloc_headroom(512, 64, "RSL CHAN RQD"); + if (!msg) + return -ENOMEM; + msg->l2h = msgb_push(msg, sizeof(*ch)); ch = (struct abis_rsl_cchan_hdr *)msg->l2h; rsl_init_cchan_hdr(ch, RSL_MT_CHAN_RQD); diff --git a/src/sim/reader.c b/src/sim/reader.c index 160f175..e7169b5 100644 --- a/src/sim/reader.c +++ b/src/sim/reader.c @@ -58,6 +58,9 @@ static int transceive_apdu_t0(struct osim_card_hdl *st, struct msgb *amsg) uint16_t sw; int rc, num_resp = 0; + if (!tmsg) + return -ENOMEM; + /* create TPDU header from APDU header */ tpduh = (struct osim_apdu_cmd_hdr *) msgb_put(tmsg, sizeof(*tpduh)); memcpy(tpduh, msgb_apdu_h(amsg), sizeof(*tpduh));
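Review bot: In the src/gsm/lapdm.c hunk, the new "if (!msg) return -ENOMEM;" in l2_ph_rach_ind() drops the RACH indication without leaving any trace, so an allocation failure under memory pressure would look like lost channel requests with no hint of the cause. Consider logging an error before the return, so the failure is visible to whoever debugs it. The hunk also does not show whether lapdm.c already includes <errno.h> or how callers of l2_ph_rach_ind() treat a negative return; both are worth confirming, since the check only helps if the error code compiles and is acted on upstream.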
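Review bot: In the src/sim/reader.c hunk, the "if (!tmsg)" check in transceive_apdu_t0() guards an allocation that is outside the visible context, with the declarations of sw, rc and num_resp sitting between the two. If tmsg is initialised in its declaration, consider splitting that into a plain declaration and an assignment placed directly above the check, so the allocation and its failure path read as one unit and a later edit cannot insert a use of tmsg between them. Please also confirm that callers of transceive_apdu_t0() distinguish a negative errno from the function's other return values, which this hunk does not show.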