colin/ModemManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

broadband-modem-mbim: fix potential dereference of null GByteArray

Browse Source 
ussd_decode() expects a non-null GByteArray while process_ussd_message()
could potentially passes a null GByteArray to ussd_decode(). This
patch fixes the issue by having process_ussd_message() always creates a
GByteArray.
This commit is contained in:
Ben Chan
2019-08-20 13:39:29 -07:00
committed by Aleksander Morgado
parent f2c878e796
commit 5efa15b83f
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/mm-broadband-modem-mbim.c
View File

@@ -4469,7 +4469,7 @@ process_ussd_message (MMBroadbandModemMbim *self,
{
GTask *task = NULL;
MMModem3gppUssdSessionState ussd_state = MM_MODEM_3GPP_USSD_SESSION_STATE_IDLE;
GByteArray *bytearray = NULL;
GByteArray *bytearray;
gchar *converted = NULL;
GError *error = NULL;
@@ -4479,8 +4479,9 @@ process_ussd_message (MMBroadbandModemMbim *self,
self->priv->pending_ussd_action = NULL;
}
if (data_size)
bytearray = g_byte_array_append (g_byte_array_new (), data, data_size);
bytearray = g_byte_array_new ();
if (data && data_size)
bytearray = g_byte_array_append (bytearray, data, data_size);
switch (ussd_response) {
case MBIM_USSD_RESPONSE_NO_ACTION_REQUIRED:
@@ -4537,8 +4538,7 @@ process_ussd_message (MMBroadbandModemMbim *self,
mm_iface_modem_3gpp_ussd_update_state (MM_IFACE_MODEM_3GPP_USSD (self), ussd_state);
if (bytearray)
g_byte_array_unref (bytearray);
g_byte_array_unref (bytearray);
/* Complete the pending action */
if (task) {