From 85842fd136be201c6416dec755f619dda9c794ad Mon Sep 17 00:00:00 2001
From: Donat Zenichev <dzenichev@sipwise.com>
Date: Tue, 18 Mar 2025 13:39:39 +0100
Subject: [PATCH] MT#59962 db_reg_agent: check iterator's object befor using

Can be NULL.

Fixes:

*** CID 545194:  Null pointer dereferences  (FORWARD_NULL)
/apps/db_reg_agent/DBRegAgent.cpp: 1255 in DBRegAgent::setRegistrationTimer(long, unsigned long,
     RegistrationActionEvent::RegAction, const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &)()
1249         DBG("timer object for subscription %ld not found, type: %s\n", object_id, type.c_str());
1250         timer = new RegTimer();
1251         timer->object_id = object_id;
1252         timer->type = type;          // 'peering' or 'subscriber'
1253         DBG("created timer object [%p] for subscription %ld, type: %s\n", timer, object_id, type.c_str());
1254       } else {
>>>     CID 545194:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "it".
1255         timer = it->second;
1256         DBG("removing scheduled timer...\n");
1257         registration_scheduler.remove_timer(timer);
1258       }
1259
1260       timer->action = reg_action;

Change-Id: I097d796c9ba2ac9a8c7334602030a59ac526eee9
---
 apps/db_reg_agent/DBRegAgent.cpp | 28 ++++++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/apps/db_reg_agent/DBRegAgent.cpp b/apps/db_reg_agent/DBRegAgent.cpp
index 68672207..8aed9573 100644
--- a/apps/db_reg_agent/DBRegAgent.cpp
+++ b/apps/db_reg_agent/DBRegAgent.cpp
@@ -1252,9 +1252,14 @@ void DBRegAgent::setRegistrationTimer(long object_id, uint64_t timeout,
     timer->type = type;          // 'peering' or 'subscriber'
     DBG("created timer object [%p] for subscription %ld, type: %s\n", timer, object_id, type.c_str());
   } else {
-    timer = it->second;
-    DBG("removing scheduled timer...\n");
-    registration_scheduler.remove_timer(timer, false);
+    if (it->second) {
+      timer = it->second;
+      DBG("removing scheduled timer...\n");
+      registration_scheduler.remove_timer(timer, false);
+    } else {
+      WARN("Failed to get existing timer for removing.\n");
+      return;
+    }
   }
 
   timer->action = reg_action;
@@ -1294,9 +1299,14 @@ void DBRegAgent::setRegistrationTimer(long object_id,
     DBG("created timer object [%p] for subscription %ld, type: %s\n", timer, object_id, type.c_str());
     registration_timers.insert(std::make_pair(object_id, timer));
   } else {
-    timer = it->second;
-    DBG("removing scheduled timer...\n");
-    registration_scheduler.remove_timer(timer, false);
+    if (it->second) {
+      timer = it->second;
+      DBG("removing scheduled timer...\n");
+      registration_scheduler.remove_timer(timer, false);
+    } else {
+      WARN("Failed to get existing timer for removing.\n");
+      return;
+    }
   }
 
   timer->action = RegistrationActionEvent::Register;
@@ -1407,8 +1417,10 @@ void DBRegAgent::removeRegistrationTimer(long object_id, const string& type) {
     }
   }
 
-  DBG("deleting timer object [%p]\n", it->second);
-  delete it->second;
+  if (it->second) {
+    DBG("deleting timer object [%p]\n", it->second);
+    delete it->second;
+  }
 
   if (type == TYPE_PEERING)
     registration_timers_peers.erase(it);