From dc43f7d3c73dc4cbe4e94668c635f056756f6d8a Mon Sep 17 00:00:00 2001
From: Alexander Couzens <lynxis@fe80.eu>
Date: Wed, 3 Feb 2021 11:53:11 +0100
Subject: gprs_ns2_frgre: check iph/ip6h before passing them to rx functions

With IPv4 and IPv6 support it's not guaranteed that iph/ip6h is valid.

Related CID#214288

Change-Id: If9015906917e3ad11d14b84c29d64f28a3158144
---
 src/gb/gprs_ns2_frgre.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/gb/gprs_ns2_frgre.c b/src/gb/gprs_ns2_frgre.c
index f163704e..177aeb20 100644
--- a/src/gb/gprs_ns2_frgre.c
+++ b/src/gb/gprs_ns2_frgre.c
@@ -351,11 +351,17 @@ static struct msgb *read_nsfrgre_msg(struct osmo_fd *bfd, int *error,
 	switch (osmo_ntohs(greh->ptype)) {
 	case GRE_PTYPE_IPv4:
 		/* IPv4 messages might be GRE keepalives */
-		*error = handle_rx_gre_ipv4(bfd, msg, iph, greh);
+		if (iph)
+			*error = handle_rx_gre_ipv4(bfd, msg, iph, greh);
+		else
+			*error = -EIO;
 		goto out_err;
 		break;
 	case GRE_PTYPE_IPv6:
-		*error = handle_rx_gre_ipv6(bfd, msg, ip6h, greh);
+		if (ip6h)
+			*error = handle_rx_gre_ipv6(bfd, msg, ip6h, greh);
+		else
+			*error = -EIO;
 		goto out_err;
 		break;
 	case GRE_PTYPE_FR:
-- 
cgit v1.2.3