From 36a0ca83abde4e547f69c1989d24d24c5f394fb5 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Thu, 27 Apr 2017 12:02:47 +0200 Subject: sclc_rx_cldt(): Don't try to dereference user data_ie without check While the SUA / SCCP2SUA code is ensuring that mandatory information elements such as the user data IE in a CLDT message, we might still have current or future callers of sclc_rx_cldt() that don't comply with that. So let's make sure data_ie is valid before dereferencing it. Change-Id: Ia102f6c4cd5c6c3f823cb219635c42b9a87765f8 Fixes: coverity CID#166942 --- src/sccp_sclc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/sccp_sclc.c b/src/sccp_sclc.c index 7cdfac5..262b2c0 100644 --- a/src/sccp_sclc.c +++ b/src/sccp_sclc.c @@ -156,6 +156,11 @@ static int sclc_rx_cldt(struct osmo_sccp_instance *inst, struct xua_msg *xua) struct osmo_sccp_user *scu; uint32_t protocol_class; + if (!data_ie) { + LOGP(DLSCCP, LOGL_ERROR, "SCCP/SUA CLDT without user data?!?\n"); + return -1; + } + /* fill primitive */ prim = (struct osmo_scu_prim *) msgb_put(upmsg, sizeof(*prim)); param = &prim->u.unitdata; -- cgit v1.2.3