Check for proper lapdm_datalink entity

Previously lapdm_datalink->entity->mode was dereferenced without checking if correct entity is present. This might lead to segfault. Check it explicitly before dereferencing, log error and gracefully return if necessary. Change-Id: I0361e3731e86712b415a370cab1128d611988f56 Related: OS#1898
author: Max <msuraev@sysmocom.de> 2017-03-01 18:16:44 +0100
committer: Max <msuraev@sysmocom.de> 2017-03-02 14:10:06 +0000
commit: 777be2e734b95ab9982a20c22f134d004a78c961 (patch)
tree: cdb31333c0ea42dba605881a17bb4f17d46cf7d2 /src/gsm/lapdm.c
parent: 90fdb08e3ea65b6df53160b6b34cf5e9fde17a40 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/src/gsm/lapdm.c b/src/gsm/lapdm.c
index fa7769b2..1fdf311c 100644
--- a/src/gsm/lapdm.c
+++ b/src/gsm/lapdm.c
@@ -852,10 +852,16 @@ static int rslms_rx_rll_udata_req(struct msgb *msg, struct lapdm_datalink *dl)
 	struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
 	uint8_t chan_nr = rllh->chan_nr;
 	uint8_t link_id = rllh->link_id;
-	int ui_bts = (le->mode == LAPDM_MODE_BTS && (link_id & 0x40));
 	uint8_t sapi = link_id & 7;
 	struct tlv_parsed tv;
-	int length;
+	int length, ui_bts;
+
+	if (!le) {
+		LOGP(DLLAPD, LOGL_ERROR, "lapdm_datalink without entity error\n");
+		msgb_free(msg);
+		return -EMLINK;
+	}
+	ui_bts = (le->mode == LAPDM_MODE_BTS && (link_id & 0x40));
 
 	/* check if the layer3 message length exceeds N201 */
author	Max <msuraev@sysmocom.de>	2017-03-01 18:16:44 +0100
committer	Max <msuraev@sysmocom.de>	2017-03-02 14:10:06 +0000
commit	777be2e734b95ab9982a20c22f134d004a78c961 (patch)
tree	cdb31333c0ea42dba605881a17bb4f17d46cf7d2 /src/gsm/lapdm.c
parent	90fdb08e3ea65b6df53160b6b34cf5e9fde17a40 (diff)