summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJacob Erlbeck <jerlbeck@sysmocom.de>2015-04-09 14:22:21 +0200
committerHolger Hans Peter Freyther <holger@moiji-mobile.com>2015-04-10 08:44:15 +0200
commitd154f8bda2e379a8a0e1c3712a9af6a9d97b7b97 (patch)
treeaef161c0c8206235919c758da8583e6d380edcfd
parent8d192d7153498498ff6232209c900e67256b8036 (diff)
msgb: Check the return value of msgb_alloc (Coverity)
In some places, the return value of msgb_alloc/msgb_alloc_headroom is not checked before it is dereferenced. This commit adds NULL checks to return with -ENOMEM from the calling functions if the alloc function has failed. Fixes: Coverity CID 1249692, 1293376 Sponsored-by: On-Waves ehf
-rw-r--r--src/gsm/lapdm.c3
-rw-r--r--src/sim/reader.c3
2 files changed, 6 insertions, 0 deletions
diff --git a/src/gsm/lapdm.c b/src/gsm/lapdm.c
index 698f8502..54d3a0b8 100644
--- a/src/gsm/lapdm.c
+++ b/src/gsm/lapdm.c
@@ -675,6 +675,9 @@ static int l2_ph_rach_ind(struct lapdm_entity *le, uint8_t ra, uint32_t fn, uint
struct gsm_time gt;
struct msgb *msg = msgb_alloc_headroom(512, 64, "RSL CHAN RQD");
+ if (!msg)
+ return -ENOMEM;
+
msg->l2h = msgb_push(msg, sizeof(*ch));
ch = (struct abis_rsl_cchan_hdr *)msg->l2h;
rsl_init_cchan_hdr(ch, RSL_MT_CHAN_RQD);
diff --git a/src/sim/reader.c b/src/sim/reader.c
index 160f1758..e7169b5a 100644
--- a/src/sim/reader.c
+++ b/src/sim/reader.c
@@ -58,6 +58,9 @@ static int transceive_apdu_t0(struct osim_card_hdl *st, struct msgb *amsg)
uint16_t sw;
int rc, num_resp = 0;
+ if (!tmsg)
+ return -ENOMEM;
+
/* create TPDU header from APDU header */
tpduh = (struct osim_apdu_cmd_hdr *) msgb_put(tmsg, sizeof(*tpduh));
memcpy(tpduh, msgb_apdu_h(amsg), sizeof(*tpduh));