From cf94d64206cf53298edf4799a75b31657bb7cbb3 Mon Sep 17 00:00:00 2001
From: Michael Zillgith <michael.zillgith@mz-automation.de>
Date: Fri, 2 Feb 2024 06:44:47 +0000
Subject: [PATCH] - fixed - null pointer dereference in
 mmsServer_handleDeleteNamedVariableListRequest when receiving malformed
 message (LIB61850-430)

---
 .../server/mms_named_variable_list_service.c  | 26 ++++++++++++-------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/src/mms/iso_mms/server/mms_named_variable_list_service.c b/src/mms/iso_mms/server/mms_named_variable_list_service.c
index 85f1b9600..8d27376f4 100644
--- a/src/mms/iso_mms/server/mms_named_variable_list_service.c
+++ b/src/mms/iso_mms/server/mms_named_variable_list_service.c
@@ -130,16 +130,22 @@ mmsServer_handleDeleteNamedVariableListRequest(MmsServerConnection connection,
 		goto exit_function;
 	}
 
-	if ((mmsPdu->present == MmsPdu_PR_confirmedRequestPdu) &&
-		(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.present
-		== ConfirmedServiceRequest_PR_deleteNamedVariableList))
-	{
-		request = &(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.choice.deleteNamedVariableList);
-	}
-	else {
-		mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response);
-		goto exit_function;
-	}
+    if ((mmsPdu->present == MmsPdu_PR_confirmedRequestPdu) &&
+        (mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.present
+        == ConfirmedServiceRequest_PR_deleteNamedVariableList))
+    {
+        request = &(mmsPdu->choice.confirmedRequestPdu.confirmedServiceRequest.choice.deleteNamedVariableList);
+    }
+    else {
+        mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response);
+        goto exit_function;
+    }
+
+    if (request->listOfVariableListName == NULL)
+    {
+        mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response);
+        goto exit_function;
+    }
  
 	long scopeOfDelete = DeleteNamedVariableListRequest__scopeOfDelete_specific;