From b73631455bc6b9304d72eb4af0d4510f28f6368e Mon Sep 17 00:00:00 2001
From: Harald Welte
Date: Fri, 23 Jul 2010 21:59:29 +0200
Subject: [gprs] BSSGP: Fix null pointer dereference
Zecke has found this using "make CC="clang --analyze"
---
 openbsc/src/gprs/gprs_bssgp.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'openbsc/src')
diff --git a/openbsc/src/gprs/gprs_bssgp.c b/openbsc/src/gprs/gprs_bssgp.c
index 30bc0f9b..051ec92f 100644
--- a/openbsc/src/gprs/gprs_bssgp.c
+++ b/openbsc/src/gprs/gprs_bssgp.c
@@ -429,7 +429,7 @@ static int bssgp_rx_resume(struct msgb *msg, struct tlv_parsed *tp,
 static int bssgp_rx_llc_disc(struct msgb *msg, struct tlv_parsed *tp,
 struct bssgp_bvc_ctx *ctx)
 {
- uint32_t tlli;
+ uint32_t tlli = 0;
 if (!TLVP_PRESENT(tp, BSSGP_IE_TLLI) ||
 !TLVP_PRESENT(tp, BSSGP_IE_LLC_FRAMES_DISCARDED) ||
@@ -439,7 +439,8 @@ static int bssgp_rx_llc_disc(struct msgb *msg, struct tlv_parsed *tp,
 "missing mandatory IE\n", ctx->bvci);
 }
- tlli = ntohl(*(uint32_t *)TLVP_VAL(tp, BSSGP_IE_TLLI));
+ if (TLVP_PRESENT(tp, BSSGP_IE_TLLI))
+ tlli = ntohl(*(uint32_t *)TLVP_VAL(tp, BSSGP_IE_TLLI));
 DEBUGP(DBSSGP, "BSSGP BVCI=%u TLLI=%08x LLC DISCARDED\n",
 ctx->bvci, tlli);
--
cgit v1.2.3
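Review bot: The guard added in the second hunk, `if (TLVP_PRESENT(tp, BSSGP_IE_TLLI))`, checks presence only, so the `*(uint32_t *)TLVP_VAL(...)` load still trusts that a peer-supplied TLLI IE holds four bytes. Unless the TLV definition used by the parser enforces that length (not visible here), the condition should check it as well, `if (TLVP_PRESENT(tp, BSSGP_IE_TLLI) && TLVP_LEN(tp, BSSGP_IE_TLLI) >= sizeof(tlli))`, and copying with `memcpy(&tlli, TLVP_VAL(tp, BSSGP_IE_TLLI), sizeof(tlli));` before `ntohl()` would avoid the unaligned cast. The missing-mandatory-IE branch, as far as the context lines show, only logs and falls through, so a malformed message is still processed with the `tlli = 0` default from the first hunk and reported as TLLI=00000000; returning an error right after that log line would reject the message and make the second presence check unnecessary. The body of bssgp_rx_llc_disc continues past the end of the hunk, so later uses of `tp` cannot be checked from here.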