From 5112d60ff7d7cafb21a6a8ace7d692e6ef2b500a Mon Sep 17 00:00:00 2001
From: Harald Welte <laforge@gnumonks.org>
Date: Thu, 27 Apr 2017 10:20:31 +0200
Subject: Address some negative integer handling issues

If for some reason we cannot resolve the file descriptor for a given
FSM, we shouldn't attempt to send data through it.

Fixes: coverity CID#167155, CID#167154, CID#167153, CID#167152, CID#167151, CID#167151
Change-Id: I8b1a676b653bcdad21cb7927d549f499950a2b73
---
 src/xua_asp_fsm.c | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/src/xua_asp_fsm.c b/src/xua_asp_fsm.c
index 2b5bfdd..d54d45e 100644
--- a/src/xua_asp_fsm.c
+++ b/src/xua_asp_fsm.c
@@ -769,8 +769,10 @@ static void ipa_asp_fsm_down(struct osmo_fsm_inst *fi, uint32_t event, void *dat
 	case XUA_ASP_E_SCTP_EST_IND:
 		if (iafp->role == XUA_ASPFSM_ROLE_SG) {
 			/* Server: Transmit IPA ID GET + Wait for Response */
-			ipa_ccm_send_id_req(fd);
-			osmo_fsm_inst_state_chg(fi, IPA_ASP_S_WAIT_ID_RESP, 10, T_WAIT_ID_RESP);
+			if (fd >= 0) {
+				ipa_ccm_send_id_req(fd);
+				osmo_fsm_inst_state_chg(fi, IPA_ASP_S_WAIT_ID_RESP, 10, T_WAIT_ID_RESP);
+			}
 		} else {
 			/* Client: We simply wait for an ID GET */
 			osmo_fsm_inst_state_chg(fi, IPA_ASP_S_WAIT_ID_GET, 10, T_WAIT_ID_GET);
@@ -818,8 +820,10 @@ static void ipa_asp_fsm_wait_id_resp(struct osmo_fsm_inst *fi, uint32_t event, v
 		osmo_ss7_as_add_asp(as, asp->cfg.name);
 		/* TODO: OAP Authentication? */
 		/* Send ID_ACK */
-		ipaccess_send_id_ack(fd);
-		osmo_fsm_inst_state_chg(fi, IPA_ASP_S_WAIT_ID_ACK2, 10, T_WAIT_ID_ACK);
+		if (fd >= 0) {
+			ipaccess_send_id_ack(fd);
+			osmo_fsm_inst_state_chg(fi, IPA_ASP_S_WAIT_ID_ACK2, 10, T_WAIT_ID_ACK);
+		}
 		break;
 	}
 	return;
@@ -878,8 +882,10 @@ static void ipa_asp_fsm_wait_id_ack(struct osmo_fsm_inst *fi, uint32_t event, vo
 	case IPA_ASP_E_ID_ACK:
 		/* Send ACK2 to server */
 		fd = get_fd_from_iafp(iafp);
-		ipaccess_send_id_ack(fd);
-		osmo_fsm_inst_state_chg(fi, IPA_ASP_S_ACTIVE, 0, 0);
+		if (fd >= 0) {
+			ipaccess_send_id_ack(fd);
+			osmo_fsm_inst_state_chg(fi, IPA_ASP_S_ACTIVE, 0, 0);
+		}
 		break;
 	}
 }
@@ -911,7 +917,8 @@ static void ipa_asp_allstate(struct osmo_fsm_inst *fi, uint32_t event, void *dat
 	case XUA_ASP_E_ASPSM_BEAT:
 		/* PING -> PONG */
 		fd = get_fd_from_iafp(iafp);
-		ipaccess_send_pong(fd);
+		if (fd >= 0)
+			ipaccess_send_pong(fd);
 		break;
 	case XUA_ASP_E_ASPSM_BEAT_ACK:
 		/* stop timer, if any */
-- 
cgit v1.2.3