Actions
Bug #5597
closedfix uninitialized address CID 273006
Start date:
06/29/2022
Due date:
% Done:
100%
Spec Reference:
Description
*** CID 273006: (UNINIT)
/source-Osmocom/osmo-bsc-nat/src/osmo-bsc-nat/bsc_nat_fsm.c: 136 in sccp_sap_up_cn()
130 break;
131
132 case OSMO_PRIM(OSMO_SCU_PRIM_N_DISCONNECT, PRIM_OP_INDICATION):
133 /* indication of disconnect */
134 subscr_conn = subscr_conn_get_by_id(prim->u.disconnect.conn_id, BSC_NAT_NET_CN);
135 if (!subscr_conn) {
>>> CID 273006: (UNINIT)
>>> Using uninitialized value "addr" when calling "bsc_nat_print_addr".
136 LOGP(DMAIN, LOGL_ERROR, "Unknown conn_id=%" PRIu32 " from %s\n", prim->u.disconnect.conn_id,
137 bsc_nat_print_addr_cn(addr));
138 goto error;
139 }
140
141 LOGP(DMAIN, LOGL_DEBUG, "Fwd via %s\n", talloc_get_name(subscr_conn));
/source-Osmocom/osmo-bsc-nat/src/osmo-bsc-nat/bsc_nat_fsm.c: 124 in sccp_sap_up_cn()
118 break;
119
120 case OSMO_PRIM(OSMO_SCU_PRIM_N_DATA, PRIM_OP_INDICATION):
121 /* connection-oriented data received */
122 subscr_conn = subscr_conn_get_by_id(prim->u.data.conn_id, BSC_NAT_NET_CN);
123 if (!subscr_conn) {
>>> CID 273006: (UNINIT)
>>> Using uninitialized value "addr" when calling "bsc_nat_print_addr".
124 LOGP(DMAIN, LOGL_ERROR, "Unknown conn_id=%" PRIu32 " from %s\n", prim->u.data.conn_id,
125 bsc_nat_print_addr_cn(addr));
126 goto error;
127 }
128
129 rc = bssap_handle_dt(BSC_NAT_NET_CN, subscr_conn, oph->msg, msgb_l2len(oph->msg));
** CID 273005: (UNINIT)
The address variable is uninitialized in case OSMO_PRIM(OSMO_SCU_PRIM_N_DATA, PRIM_OP_INDICATION) and OSMO_PRIM(OSMO_SCU_PRIM_N_DISCONNECT, PRIM_OP_INDICATION. Its only used to print it in the log, which means removing bsc_nat_print_addr_cn(addr) from the log statement would fix the problem. Unfortunately this also would make debugging more difficult, however there seems also to be no way to ask libosmo-sccp for the address of a particular conn_id.
Updated by dexter almost 2 years ago
There seems to be more of the same problem:
*** CID 273005: (UNINIT)
/source-Osmocom/osmo-bsc-nat/src/osmo-bsc-nat/bsc_nat_fsm.c: 261 in sccp_sap_up_ran()
255 break;
256
257 case OSMO_PRIM(OSMO_SCU_PRIM_N_DISCONNECT, PRIM_OP_INDICATION):
258 /* indication of disconnect */
259 subscr_conn = subscr_conn_get_by_id(prim->u.disconnect.conn_id, BSC_NAT_NET_RAN);
260 if (!subscr_conn) {
>>> CID 273005: (UNINIT)
>>> Using uninitialized value "addr" when calling "bsc_nat_print_addr".
261 LOGP(DMAIN, LOGL_ERROR, "Unknown conn_id=%" PRIu32 " from %s\n", prim->u.disconnect.conn_id,
262 bsc_nat_print_addr_ran(addr));
263 goto error;
264 }
265
266 LOGP(DMAIN, LOGL_DEBUG, "Fwd via %s\n", talloc_get_name(subscr_conn));
/source-Osmocom/osmo-bsc-nat/src/osmo-bsc-nat/bsc_nat_fsm.c: 249 in sccp_sap_up_ran()
243 break;
244
245 case OSMO_PRIM(OSMO_SCU_PRIM_N_DATA, PRIM_OP_INDICATION):
246 /* connection-oriented data received */
247 subscr_conn = subscr_conn_get_by_id(prim->u.data.conn_id, BSC_NAT_NET_RAN);
248 if (!subscr_conn) {
>>> CID 273005: (UNINIT)
>>> Using uninitialized value "addr" when calling "bsc_nat_print_addr".
249 LOGP(DMAIN, LOGL_ERROR, "Unknown conn_id=%" PRIu32 " from %s\n", prim->u.data.conn_id,
250 bsc_nat_print_addr_ran(addr));
251 goto error;
252 }
253
254 rc = bssap_handle_dt(BSC_NAT_NET_RAN, subscr_conn, oph->msg, msgb_l2len(oph->msg));
Updated by osmith almost 2 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
Actions
