Bug #3406

nullpointer deref in mgcp_protocol.c, function setup_rtp_processing()

Added by dexter about 1 year ago. Updated 12 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: -
Target version: -
Start date: 07/19/2018
Due date:
% Done: 100%


Description

osmo-mgw occasionally runs into a nullpointer deref problem:

osmo-mgw/src/libosmo-mgcp/mgcp_protocol.c:92:9: runtime error: member access within null pointer of type 'struct mgcp_conn_rtp'

Looking in static int setup_rtp_processing(struct mgcp_endpoint *endp, struct mgcp_conn_rtp *conn), we can see that there is a function pointer executed: setup_rtp_processing(struct mgcp_endpoint *endp, struct mgcp_conn_rtp *conn). While conn_dst is always populated with some conn, there is a chance that conn_src is still NULL. Then the deref to conn_dst->end fails.

We could check before we execute the function pointer, but maybe the function there needs to know that there is some null pointer connection and take actions in those cases. The function pointer should get struct mgcp_conn_rtp pointers rather than struct mgcp_rtp_end, then we do not need to dereference early and the function itself can check and take action if needed.
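
The interface change proposed in the description, as an added example (this is not osmo-mgw code and not the Gerrit change): the callback receives connection pointers instead of their `end` members, so the callee can handle a missing source connection. The structs, the `SETUP_*` codes and all function names are simplified, hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the structs named in the report (assumed layout). */
struct rtp_end  { int payload_type; };
struct conn_rtp { int id; struct rtp_end end; };   /* 'end' is not at offset 0 */

enum { SETUP_OK = 0, SETUP_NO_SRC = 1, SETUP_ERR = -1 };

/* Before: the callback takes the 'end' members, so the caller has to form
 * &conn->end first. With conn == NULL that expression is already undefined
 * behaviour (UBSan: "member access within null pointer"), and the callee
 * typically receives a small non-NULL address it cannot recognise as invalid. */
typedef int (*setup_ends_cb)(struct rtp_end *dst, struct rtp_end *src);

int setup_early_deref(setup_ends_cb cb, struct conn_rtp *dst, struct conn_rtp *src)
{
    return cb(&dst->end, &src->end);   /* only safe if both conns exist */
}

int copy_ends(struct rtp_end *dst, struct rtp_end *src)
{
    dst->payload_type = src->payload_type;
    return SETUP_OK;
}

/* After: the callback takes the connections; nothing is dereferenced until
 * the callee has checked them and chosen how to handle a missing one. */
typedef int (*setup_conns_cb)(struct conn_rtp *dst, struct conn_rtp *src);

int setup_late_deref(setup_conns_cb cb, struct conn_rtp *dst, struct conn_rtp *src)
{
    return cb(dst, src);               /* pointers passed through untouched */
}

int copy_conns(struct conn_rtp *dst, struct conn_rtp *src)
{
    if (!dst)
        return SETUP_ERR;
    if (!src)
        return SETUP_NO_SRC;           /* source side not set up yet */
    return copy_ends(&dst->end, &src->end);
}

int main(void)
{
    struct conn_rtp dst = { 1, { 0 } }, src = { 2, { 96 } };  /* constructed sample values */
    int rc = setup_late_deref(copy_conns, &dst, NULL);
    printf("no src: rc=%d pt=%d\n", rc, dst.end.payload_type);
    rc = setup_late_deref(copy_conns, &dst, &src);
    printf("both:   rc=%d pt=%d\n", rc, dst.end.payload_type);
    return 0;
}
```

Building with `-fsanitize=undefined` and calling `setup_early_deref()` with a NULL source reproduces the class of runtime error quoted in the description.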

History

#1 Updated by dexter about 1 year ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 100

I think that should fix the problem:

https://gerrit.osmocom.org/#/c/osmo-mgw/+/10055 protocol: prevent unnecessary null pointer deref

#2 Updated by dexter 12 months ago

  • Status changed from In Progress to Resolved
