bssgp: Ensure non-NULL bctx before calling bssgp_rx_ptp (Coverity)
Currently bssgp_rx_ptp might be called with bctx being NULL, when the
NS BVCI is neither BVCI_SIGNALLING nor BVCI_PTM, but the message is
a BVC_RESET or it contains a BVCI IE != BVCI_SIGNALLING where the
BVCI is not known.
This patch ensures that bssgp_rx_ptp will only be called with a
non-NULL bctx. A log message will be issued, if the bctx is NULL when
this was not expected.
Fixes: Coverity CID 1040674
Sponsored-by: On-Waves ehf
diff --git a/tests/gb/gprs_bssgp_test.c b/tests/gb/gprs_bssgp_test.c
index 3d1384b..b454430 100644
--- a/tests/gb/gprs_bssgp_test.c
+++ b/tests/gb/gprs_bssgp_test.c
@@ -159,6 +159,22 @@
printf("----- %s END\n", __func__);
}
+static void test_bssgp_bad_reset()
+{
+ struct msgb *msg = bssgp_msgb_alloc();
+ uint16_t bvci_be = htons(2);
+ uint8_t cause = BSSGP_CAUSE_OML_INTERV;
+
+ msgb_v_put(msg, BSSGP_PDUT_BVC_RESET);
+ msgb_tvlv_put(msg, BSSGP_IE_BVCI, sizeof(bvci_be), (uint8_t *)&bvci_be);
+ msgb_tvlv_put(msg, BSSGP_IE_CAUSE, sizeof(cause), &cause);
+
+ msgb_bvci(msg) = 0xbad;
+
+ msgb_bssgp_send_and_free(msg);
+}
+
+
static struct log_info info = {};
int main(int argc, char **argv)
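Review bot: test_bssgp_bad_reset() asserts nothing and prints no delimiters, so the only way it can fail is by crashing on the NULL bctx, and its output is not separated from the neighbouring tests. The preceding test ends with `printf("----- %s END\n", __func__);` (presumably paired with a START line outside the hunk); add `printf("----- %s START\n", __func__);` as the first statement and the matching END line after `msgb_bssgp_send_and_free(msg);`, so the expected-output comparison pins the new log message to this case. The commit message names two ways to reach bssgp_rx_ptp with a NULL bctx, but only the BVC_RESET one is exercised here. A second message that is not a BVC_RESET and carries a BVCI IE for an unknown BVCI would cover the other path. Both the NS BVCI and the BVCI IE appear to come from the received message, so this looks like a peer-triggerable NULL dereference and is worth a regression test for each path.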
@@ -181,6 +197,7 @@
printf("===== BSSGP test START\n");
test_bssgp_suspend_resume();
test_bssgp_status();
+ test_bssgp_bad_reset();
printf("===== BSSGP test END\n\n");
exit(EXIT_SUCCESS);