Change in libosmocore[master]: gsm/gsm48_ie.c: fix output truncation in gsm48_decode_bcd_number2()

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Vadim Yanitskiy gerrit-no-reply at lists.osmocom.org
Sat May 25 17:57:16 UTC 2019


Vadim Yanitskiy has uploaded this change for review. ( https://gerrit.osmocom.org/14185


Change subject: gsm/gsm48_ie.c: fix output truncation in gsm48_decode_bcd_number2()
......................................................................

gsm/gsm48_ie.c: fix output truncation in gsm48_decode_bcd_number2()

Thanks to the new unit test for BCD number encoding / decoding, it was
discovered that gsm48_decode_bcd_number2() does not properly handle
encoded LV if the output buffer size is equal to the original MSISDN
length + 1 (\0-terminator): one digit is lost.

For example, decoding of 15-digit long MSISDN to a buffer of size
16 (15 digits + 1 for \0) would give us only 14 digits.

The problem was that 'output_len' was being decremented before
checking the remaining buffer length and writing a digit to it.
As a result, the maximum length was always one byte shorter.

Change-Id: I61d49387fedbf7b238e21540a5eff22f6861e27a
Fixes: OS#4025
---
M src/gsm/gsm48_ie.c
M tests/gsm0408/gsm0408_test.ok
2 files changed, 4 insertions(+), 4 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/85/14185/1

diff --git a/src/gsm/gsm48_ie.c b/src/gsm/gsm48_ie.c
index ca6489a..48d0d37 100644
--- a/src/gsm/gsm48_ie.c
+++ b/src/gsm/gsm48_ie.c
@@ -88,16 +88,16 @@
 
 	for (i = 1 + h_len; i <= in_len; i++) {
 		/* lower nibble */
-		output_len--;
 		if (output_len <= 1)
 			break;
 		*output++ = bcd_num_digits[bcd_lv[i] & 0xf];
+		output_len--;
 
 		/* higher nibble */
-		output_len--;
 		if (output_len <= 1)
 			break;
 		*output++ = bcd_num_digits[bcd_lv[i] >> 4];
+		output_len--;
 	}
 	if (output_len >= 1)
 		*output++ = '\0';
diff --git a/tests/gsm0408/gsm0408_test.ok b/tests/gsm0408/gsm0408_test.ok
index 2875a7e..67d3f2f 100644
--- a/tests/gsm0408/gsm0408_test.ok
+++ b/tests/gsm0408/gsm0408_test.ok
@@ -160,14 +160,14 @@
     -   Actual: (rc=9) '0821436587092143f5'
   - Decoding HEX (buffer limit=16) '0821436587092143f5'...
     - Expected: (rc=0) '123456789012345'
-    -   Actual: (rc=0) '12345678901234'
+    -   Actual: (rc=0) '123456789012345'
 - Running test: to be truncated 20-digit MSISDN
   - Encoding ASCII (buffer limit=9) '12345678901234567890'...
     - Expected: (rc=-5) ''
     -   Actual: (rc=-5) ''
   - Decoding HEX (buffer limit=16) '0a21436587092143658709'...
     - Expected: (rc=0) '123456789012345'
-    -   Actual: (rc=0) '12345678901234'
+    -   Actual: (rc=0) '123456789012345'
 - Running test: LV incorrect length
   - Decoding HEX (buffer limit=0) '05214365'...
     - Expected: (rc=-5) '(none)'

-- 
To view, visit https://gerrit.osmocom.org/14185
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I61d49387fedbf7b238e21540a5eff22f6861e27a
Gerrit-Change-Number: 14185
Gerrit-PatchSet: 1
Gerrit-Owner: Vadim Yanitskiy <axilirator at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20190525/18dcb64f/attachment.htm>


More information about the gerrit-log mailing list