diff options
authorHarald Welte <laforge@gnumonks.org>2017-04-27 12:02:47 +0200
committerHarald Welte <laforge@gnumonks.org>2017-04-27 12:02:47 +0200
commit36a0ca83abde4e547f69c1989d24d24c5f394fb5 (patch)
parent14bdce0743a8dd4f481f37aaa81a7dd7103394cd (diff)
sclc_rx_cldt(): Don't try to dereference user data_ie without check
While the SUA / SCCP2SUA code is ensuring that mandatory information elements such as the user data IE in a CLDT message, we might still have current or future callers of sclc_rx_cldt() that don't comply with that. So let's make sure data_ie is valid before dereferencing it. Change-Id: Ia102f6c4cd5c6c3f823cb219635c42b9a87765f8 Fixes: coverity CID#166942
1 files changed, 5 insertions, 0 deletions
diff --git a/src/sccp_sclc.c b/src/sccp_sclc.c
index 7cdfac5..262b2c0 100644
--- a/src/sccp_sclc.c
+++ b/src/sccp_sclc.c
@@ -156,6 +156,11 @@ static int sclc_rx_cldt(struct osmo_sccp_instance *inst, struct xua_msg *xua)
struct osmo_sccp_user *scu;
uint32_t protocol_class;
+ if (!data_ie) {
+ LOGP(DLSCCP, LOGL_ERROR, "SCCP/SUA CLDT without user data?!?\n");
+ return -1;
+ }
/* fill primitive */
prim = (struct osmo_scu_prim *) msgb_put(upmsg, sizeof(*prim));
param = &prim->u.unitdata;