This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
fixeria gerrit-no-reply at lists.osmocom.orgfixeria has submitted this change. ( https://gerrit.osmocom.org/c/libosmocore/+/22544 ) Change subject: gsm_7bit_encode_n(): fix integer overflow in gsm_septets2octets() ...................................................................... gsm_7bit_encode_n(): fix integer overflow in gsm_septets2octets() Using 'uint8_t' for the length argument is definitely a bad idea. Because of this, packing more than 255 septets would not work as expected. Deprecate the old function and use 'size_t' instead. Change-Id: Ib1aac538afeb0a5c76a1df472d555139a496e12e --- M include/osmocom/gsm/gsm_utils.h M src/gsm/gsm_utils.c M src/gsm/libosmogsm.map M tests/sms/sms_test.c M tests/sms/sms_test.ok 5 files changed, 20 insertions(+), 15 deletions(-) Approvals: Jenkins Builder: Verified laforge: Looks good to me, but someone else must approve pespin: Looks good to me, approved diff --git a/include/osmocom/gsm/gsm_utils.h b/include/osmocom/gsm/gsm_utils.h index de63434..0909006 100644 --- a/include/osmocom/gsm/gsm_utils.h +++ b/include/osmocom/gsm/gsm_utils.h @@ -110,7 +110,10 @@ int gsm_7bit_encode_n_ussd(uint8_t *result, size_t n, const char *data, int *octets_written); /* the four functions below are helper functions and here for the unit test */ -int gsm_septets2octets(uint8_t *result, const uint8_t *rdata, uint8_t septet_len, uint8_t padding); +int gsm_septets2octets(uint8_t *result, const uint8_t *rdata, uint8_t septet_len, uint8_t padding) + OSMO_DEPRECATED("This function is unable to handle more than 255 septets, " + "use gsm_septet_pack() instead."); +int gsm_septet_pack(uint8_t *result, const uint8_t *rdata, size_t septet_len, uint8_t padding); int gsm_septet_encode(uint8_t *result, const char *data); uint8_t gsm_get_octet_len(const uint8_t sept_len); int gsm_7bit_decode_n_hdr(char *decoded, size_t n, const uint8_t *user_data, uint8_t length, uint8_t ud_hdr_ind); diff --git a/src/gsm/gsm_utils.c b/src/gsm/gsm_utils.c index ae77a9d..07e082d 100644 --- a/src/gsm/gsm_utils.c +++ b/src/gsm/gsm_utils.c @@ -324,7 +324,7 @@ * \param[in] septet_len Length of \a rdata * \param[in] padding padding bits at start * \returns number of bytes used in \a result */ -int gsm_septets2octets(uint8_t *result, const uint8_t *rdata, uint8_t septet_len, uint8_t padding) +int gsm_septet_pack(uint8_t *result, const uint8_t *rdata, size_t septet_len, uint8_t padding) { int i = 0, z = 0; uint8_t cb, nb; @@ -369,6 +369,12 @@ return z; } +/*! Backwards compatibility wrapper for gsm_septets_pack(), deprecated. */ +int gsm_septets2octets(uint8_t *result, const uint8_t *rdata, uint8_t septet_len, uint8_t padding) +{ + return gsm_septet_pack(result, rdata, septet_len, padding); +} + /*! GSM 7-bit alphabet TS 03.38 6.2.1 Character packing * \param[out] result Caller-provided output buffer * \param[in] n Maximum length of \a result in bytes @@ -393,7 +399,7 @@ y = max_septets; } - o = gsm_septets2octets(result, rdata, y, 0); + o = gsm_septet_pack(result, rdata, y, 0); if (octets) *octets = o; diff --git a/src/gsm/libosmogsm.map b/src/gsm/libosmogsm.map index c314c20..584d761 100644 --- a/src/gsm/libosmogsm.map +++ b/src/gsm/libosmogsm.map @@ -478,6 +478,7 @@ gsm_milenage; gsm_septet_encode; +gsm_septet_pack; gsm_septets2octets; lapd_dl_exit; diff --git a/tests/sms/sms_test.c b/tests/sms/sms_test.c index c7f47e2..3e14529 100644 --- a/tests/sms/sms_test.c +++ b/tests/sms/sms_test.c @@ -384,7 +384,7 @@ memcpy(tmp, septet_data, concatenated_part1_septet_length); /* In our case: test_multiple_decode[0].ud_hdr_ind equals number of padding bits*/ - octet_length = gsm_septets2octets(coded, tmp, concatenated_part1_septet_length, test_multiple_encode[0].ud_hdr_ind); + octet_length = gsm_septet_pack(coded, tmp, concatenated_part1_septet_length, test_multiple_encode[0].ud_hdr_ind); /* copy header */ memset(tmp, 0x42, sizeof(tmp)); @@ -402,7 +402,7 @@ memcpy(tmp, septet_data + concatenated_part1_septet_length, concatenated_part2_septet_length); /* In our case: test_multiple_decode[1].ud_hdr_ind equals number of padding bits*/ - octet_length = gsm_septets2octets(coded, tmp, concatenated_part2_septet_length, test_multiple_encode[1].ud_hdr_ind); + octet_length = gsm_septet_pack(coded, tmp, concatenated_part2_septet_length, test_multiple_encode[1].ud_hdr_ind); /* copy header */ memset(tmp, 0x42, sizeof(tmp)); diff --git a/tests/sms/sms_test.ok b/tests/sms/sms_test.ok index 724c166..de1fce3 100644 --- a/tests/sms/sms_test.ok +++ b/tests/sms/sms_test.ok @@ -21,20 +21,15 @@ Running test_enc_large_msg gsm_7bit_encode_n(len=2048) processed 2048 septets (expected 2048): OK -gsm_7bit_encode_n(len=2048) used 0 octets in the buffer (expected 1792): FAIL - Unexpected chunk at enc_buf[0:7]: 00 00 00 00 00 00 00 +gsm_7bit_encode_n(len=2048) used 1792 octets in the buffer (expected 1792): OK gsm_7bit_encode_n(len=1024) processed 1024 septets (expected 1024): OK -gsm_7bit_encode_n(len=1024) used 0 octets in the buffer (expected 896): FAIL - Unexpected chunk at enc_buf[0:7]: 00 00 00 00 00 00 00 +gsm_7bit_encode_n(len=1024) used 896 octets in the buffer (expected 896): OK gsm_7bit_encode_n(len=555) processed 555 septets (expected 555): OK -gsm_7bit_encode_n(len=555) used 38 octets in the buffer (expected 486): FAIL - Unexpected chunk at enc_buf[35:6]: c1 60 10 00 00 00 +gsm_7bit_encode_n(len=555) used 486 octets in the buffer (expected 486): OK gsm_7bit_encode_n(len=512) processed 512 septets (expected 512): OK -gsm_7bit_encode_n(len=512) used 0 octets in the buffer (expected 448): FAIL - Unexpected chunk at enc_buf[0:7]: 00 00 00 00 00 00 00 +gsm_7bit_encode_n(len=512) used 448 octets in the buffer (expected 448): OK gsm_7bit_encode_n(len=260) processed 260 septets (expected 260): OK -gsm_7bit_encode_n(len=260) used 4 octets in the buffer (expected 228): FAIL - Unexpected chunk at enc_buf[0:6]: c1 60 30 08 00 00 +gsm_7bit_encode_n(len=260) used 228 octets in the buffer (expected 228): OK gsm_7bit_encode_n(len=255) processed 255 septets (expected 255): OK gsm_7bit_encode_n(len=255) used 224 octets in the buffer (expected 224): OK gsm_7bit_encode_n(len=250) processed 250 septets (expected 250): OK -- To view, visit https://gerrit.osmocom.org/c/libosmocore/+/22544 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: libosmocore Gerrit-Branch: master Gerrit-Change-Id: Ib1aac538afeb0a5c76a1df472d555139a496e12e Gerrit-Change-Number: 22544 Gerrit-PatchSet: 3 Gerrit-Owner: fixeria <vyanitskiy at sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria <vyanitskiy at sysmocom.de> Gerrit-Reviewer: laforge <laforge at osmocom.org> Gerrit-Reviewer: pespin <pespin at sysmocom.de> Gerrit-MessageType: merged -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20210201/47fb4e06/attachment.htm>