This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Neels Hofmeyr gerrit-no-reply at lists.osmocom.orgNeels Hofmeyr has uploaded this change for review. ( https://gerrit.osmocom.org/13815 Change subject: gsm48_decode_bcd_number2(): fix input len check ...................................................................... gsm48_decode_bcd_number2(): fix input len check The input_len argument for gsm48_decode_bcd_number2() includes the BCD length *and* the length byte itself, so add the missing +1. Also clarify the API doc for the input_len argument. Change-Id: I87599641325c04aae2be224ec350b1a145039528 --- M src/gsm/gsm48_ie.c 1 file changed, 3 insertions(+), 2 deletions(-) git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/15/13815/1 diff --git a/src/gsm/gsm48_ie.c b/src/gsm/gsm48_ie.c index 049f5dc..0e5f253 100644 --- a/src/gsm/gsm48_ie.c +++ b/src/gsm/gsm48_ie.c @@ -80,7 +80,7 @@ * \param[out] output Caller-provided output buffer. * \param[in] output_len sizeof(output). * \param[in] bcd_lv Length-Value part of to-be-decoded IE. - * \param[in] input_len Size of the buffer to read the IE from. + * \param[in] input_len Size of the bcd_lv buffer for bounds checking. * \param[in] h_len Length of an optional header between L and V parts. * \return 0 in case of success, negative on error. Errors checked: no or too little input data, no or too little * output buffer size, IE length exceeds input data size, decoded number exceeds size of the output buffer. The output @@ -97,7 +97,8 @@ if (input_len < 1) return -EIO; len = bcd_lv[0]; - if (input_len < len) + /* len + 1: the BCD length plus the length byte itself must fit in the input buffer. */ + if (input_len < len + 1) return -EIO; return gsm48_decode_bcd_number(output, output_len, bcd_lv, h_len); } -- To view, visit https://gerrit.osmocom.org/13815 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: libosmocore Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I87599641325c04aae2be224ec350b1a145039528 Gerrit-Change-Number: 13815 Gerrit-PatchSet: 1 Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de> -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20190430/354c23e1/attachment.htm>