This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
osmith gerrit-no-reply at lists.osmocom.orgosmith has uploaded this change for review. ( https://gerrit.osmocom.org/c/libosmocore/+/14397
Change subject: gsm48_decode_bcd_number2: fix -ENOSPEC edge case
......................................................................
gsm48_decode_bcd_number2: fix -ENOSPEC edge case
Return -ENOSPEC if the decoding buffer is one byte to small, instead
of returning 0 and silently truncating the string. Add a new "truncated"
variable to detect if the loop breaks in the final iteration.
The string is not truncated if there is exactly one 0xf ('\0') higher
nibble remaining. This is covered by the existing test case "long
15-digit (maximum) MSISDN, limited buffer".
Related: OS#4049
Change-Id: Ie05900aca50cc7fe8a45d17844dbfcd905fd82fe
---
M src/gsm/gsm48_ie.c
M tests/gsm0408/gsm0408_test.c
M tests/gsm0408/gsm0408_test.ok
3 files changed, 28 insertions(+), 3 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/97/14397/1
diff --git a/src/gsm/gsm48_ie.c b/src/gsm/gsm48_ie.c
index 59f931b..31028ba 100644
--- a/src/gsm/gsm48_ie.c
+++ b/src/gsm/gsm48_ie.c
@@ -82,6 +82,7 @@
{
uint8_t in_len;
int i;
+ bool truncated = false;
if (output_len < 1)
return -ENOSPC;
*output = '\0';
@@ -94,14 +95,23 @@
for (i = 1 + h_len; i <= in_len; i++) {
/* lower nibble */
- if (output_len <= 1)
+ if (output_len <= 1) {
+ truncated = true;
break;
+ }
*output++ = bcd_num_digits[bcd_lv[i] & 0xf];
output_len--;
/* higher nibble */
- if (output_len <= 1)
+ if (output_len <= 1) {
+ /* not truncated if there is exactly one 0xf ('\0') higher nibble remaining */
+ if (i == in_len && (bcd_lv[i] & 0xf0) == 0xf0) {
+ break;
+ }
+
+ truncated = true;
break;
+ }
*output++ = bcd_num_digits[bcd_lv[i] >> 4];
output_len--;
}
@@ -109,7 +119,7 @@
*output++ = '\0';
/* Indicate whether the output was truncated */
- if (i < in_len)
+ if (truncated)
return -ENOSPC;
return 0;
diff --git a/tests/gsm0408/gsm0408_test.c b/tests/gsm0408/gsm0408_test.c
index b5f8061..e9c61d6 100644
--- a/tests/gsm0408/gsm0408_test.c
+++ b/tests/gsm0408/gsm0408_test.c
@@ -727,6 +727,17 @@
.dec_ascii = "(none)",
.dec_rc = -EIO,
},
+ {
+ .test_name = "dec_buf_lim == strlen(dec_ascii) (OS#4049)",
+
+ /* Decoding test */
+ .dec_hex = "022143",
+ .dec_ascii = "123",
+ .dec_rc = -ENOSPC,
+
+ /* Buffer length limitations */
+ .dec_buf_lim = 4
+ }
};
static void test_bcd_number_encode_decode()
diff --git a/tests/gsm0408/gsm0408_test.ok b/tests/gsm0408/gsm0408_test.ok
index 844c201..d91018a 100644
--- a/tests/gsm0408/gsm0408_test.ok
+++ b/tests/gsm0408/gsm0408_test.ok
@@ -186,6 +186,10 @@
- Decoding HEX (buffer limit=0) ''...
- Expected: (rc=-5) '(none)'
- Actual: (rc=-5) '(none)'
+- Running test: dec_buf_lim == strlen(dec_ascii) (OS#4049)
+ - Decoding HEX (buffer limit=4) '022143'...
+ - Expected: (rc=-28) '123'
+ - Actual: (rc=-28) '123'
Constructed RA:
077-121-666-5
--
To view, visit https://gerrit.osmocom.org/c/libosmocore/+/14397
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: Ie05900aca50cc7fe8a45d17844dbfcd905fd82fe
Gerrit-Change-Number: 14397
Gerrit-PatchSet: 1
Gerrit-Owner: osmith <osmith at sysmocom.de>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20190607/feda4988/attachment.htm>