gsm_04_08: Fix nullpointer deref
The pointers conn, conn->vsub and conn->vsub->last_tuple are checked,
but before the check those pointers are already dereferenced during
assignment. This defeats the purpose of the check. Let's dereference
those pointers only after the check.
Fixes: CID#190404
Change-Id: Ice4992606f3799eac13154ec0b9f53e46d2e178e
diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c
index 7a485c7..adc946e 100644
--- a/src/libmsc/gsm_04_08.c
+++ b/src/libmsc/gsm_04_08.c
@@ -1603,12 +1603,12 @@
int ran_conn_geran_set_cipher_mode(struct ran_conn *conn, bool umts_aka, bool retrieve_imeisv)
{
- struct gsm_network *net = conn->network;
+ struct gsm_network *net;
struct gsm0808_encrypt_info ei;
int i, j = 0;
int request_classmark = 0;
int request_classmark_for_a5_n = 0;
- struct vlr_auth_tuple *tuple = conn->vsub->last_tuple;
+ struct vlr_auth_tuple *tuple;
if (!conn || !conn->vsub || !conn->vsub->last_tuple) {
/* This should really never happen, because we checked this in msc_vlr_set_ciph_mode()
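Review bot: The guard `if (!conn || !conn->vsub || !conn->vsub->last_tuple)` does not cover `conn->network`, which the relocated assignment `net = conn->network;` in the next hunk reads. Whether `net` is dereferenced later, and whether a connection can exist without a network, is not visible here because the function body continues outside the hunk. If that state is reachable, extend the condition with `|| !conn->network` so the same `-EINVAL` path handles it. If it is an invariant, a short comment saying so would save the next static-analysis triage.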
@@ -1617,6 +1617,9 @@
return -EINVAL;
}
+ net = conn->network;
+ tuple = conn->vsub->last_tuple;
+
for (i = 0; i < 8; i++) {
int supported;
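Review bot: The late assignments of `net` and `tuple` deserve a one-line comment, because nothing stops a later cleanup from folding them back into the declarations and reintroducing the dereference-before-check. Something like `/* Assigned only after the NULL checks above; keep these out of the declarations. */` directly above `net = conn->network;` would do. Dereferencing before the check is undefined behaviour, which can let an optimizing compiler drop the check altogether, so the ordering matters beyond style. The function body continues past the end of this hunk.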