mncc: Remove what we believe to be a tautology from the MNCC code
Coverity pointed out that we use trans->subscr after a NULL check,
it is our believe that every transaction will have a subscriber.
Remove the check and add an assert before we are dispatching things.
Fixes: Coverity CID 1040740, CID 1040739
diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c
index cd31f69..b69ab95 100644
--- a/openbsc/src/libmsc/gsm_04_08.c
+++ b/openbsc/src/libmsc/gsm_04_08.c
@@ -62,6 +62,8 @@
#include <osmocom/core/talloc.h>
#include <osmocom/gsm/tlv.h>
+#include <assert.h>
+
void *tall_locop_ctx;
void *tall_authciphop_ctx;
@@ -1758,13 +1760,12 @@
setup.emergency = 1;
/* use subscriber as calling party number */
- if (trans->subscr) {
- setup.fields |= MNCC_F_CALLING;
- strncpy(setup.calling.number, trans->subscr->extension,
- sizeof(setup.calling.number)-1);
- strncpy(setup.imsi, trans->subscr->imsi,
- sizeof(setup.imsi)-1);
- }
+ setup.fields |= MNCC_F_CALLING;
+ strncpy(setup.calling.number, trans->subscr->extension,
+ sizeof(setup.calling.number)-1);
+ strncpy(setup.imsi, trans->subscr->imsi,
+ sizeof(setup.imsi)-1);
+
/* bearer capability */
if (TLVP_PRESENT(&tp, GSM48_IE_BEARER_CAP)) {
setup.fields |= MNCC_F_BEARER_CAP;
@@ -2087,13 +2088,12 @@
connect.callref = trans->callref;
tlv_parse(&tp, &gsm48_att_tlvdef, gh->data, payload_len, 0, 0);
/* use subscriber as connected party number */
- if (trans->subscr) {
- connect.fields |= MNCC_F_CONNECTED;
- strncpy(connect.connected.number, trans->subscr->extension,
- sizeof(connect.connected.number)-1);
- strncpy(connect.imsi, trans->subscr->imsi,
- sizeof(connect.imsi)-1);
- }
+ connect.fields |= MNCC_F_CONNECTED;
+ strncpy(connect.connected.number, trans->subscr->extension,
+ sizeof(connect.connected.number)-1);
+ strncpy(connect.imsi, trans->subscr->imsi,
+ sizeof(connect.imsi)-1);
+
/* facility */
if (TLVP_PRESENT(&tp, GSM48_IE_FACILITY)) {
connect.fields |= MNCC_F_FACILITY;
@@ -3182,6 +3182,8 @@
return 0;
}
+ assert(trans->subscr);
+
rc = datastatelist[i].rout(trans, msg);
return rc;