Change in libosmocore[master]: gsm_7bit_encode_n(): fix integer overflow in gsm_septets2octets()

fixeria gerrit-no-reply at lists.osmocom.org
Sat Jan 30 00:35:30 UTC 2021


fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/libosmocore/+/22544 )


Change subject: gsm_7bit_encode_n(): fix integer overflow in gsm_septets2octets()
......................................................................

gsm_7bit_encode_n(): fix integer overflow in gsm_septets2octets()

Using 'uint8_t' for the length argument is definitely a bad idea.
Because of this, packing more than 255 septets would not work as
expected.  Let's use 'size_t' instead.

Change-Id: Ib1aac538afeb0a5c76a1df472d555139a496e12e
---
M TODO-RELEASE
M include/osmocom/gsm/gsm_utils.h
M src/gsm/gsm_utils.c
M tests/sms/sms_test.ok
4 files changed, 8 insertions(+), 12 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/44/22544/1

diff --git a/TODO-RELEASE b/TODO-RELEASE
index e1b1507..a3d5e2f 100644
--- a/TODO-RELEASE
+++ b/TODO-RELEASE
@@ -14,3 +14,4 @@
 libosmovty	ABI change		struct vty_app_info: optional program specific attributes description
 libosmoctrl     ABI change		struct ctrl_handle changed size (new field "reply_cb" at the end)
 libosmogsm	new API			osmo_rai_cmp(), osmo_cgi_ps_cmp()
+libosmogsm	API change		gsm_septets2octets(): uint8_t -> size_t for septet_len
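Review bot: the added TODO-RELEASE entry labels the gsm_septets2octets() change as "API change" only, but widening septet_len from uint8_t to size_t in an exported prototype can also affect binaries built against the old header, and the neighbouring entries use "ABI change" for that kind of change. Suggest marking the entry as an ABI change as well so the release version bump accounts for it.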
diff --git a/include/osmocom/gsm/gsm_utils.h b/include/osmocom/gsm/gsm_utils.h
index de63434..f119300 100644
--- a/include/osmocom/gsm/gsm_utils.h
+++ b/include/osmocom/gsm/gsm_utils.h
@@ -110,7 +110,7 @@
 int gsm_7bit_encode_n_ussd(uint8_t *result, size_t n, const char *data, int *octets_written);
 
 /* the four functions below are helper functions and here for the unit test */
-int gsm_septets2octets(uint8_t *result, const uint8_t *rdata, uint8_t septet_len, uint8_t padding);
+int gsm_septets2octets(uint8_t *result, const uint8_t *rdata, size_t septet_len, uint8_t padding);
 int gsm_septet_encode(uint8_t *result, const char *data);
 uint8_t gsm_get_octet_len(const uint8_t sept_len);
 int gsm_7bit_decode_n_hdr(char *decoded, size_t n, const uint8_t *user_data, uint8_t length, uint8_t ud_hdr_ind);
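Review bot: the context lines of this hunk still declare gsm_get_octet_len(const uint8_t sept_len), which also returns uint8_t, and gsm_7bit_decode_n_hdr(..., uint8_t length, ...), so the same 255-septet limit remains on those helpers after septet_len is widened. If they can be reached with the lengths gsm_7bit_encode_n() now handles, they need the same widening; otherwise a short comment stating why uint8_t is sufficient there would make the asymmetry intentional.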
diff --git a/src/gsm/gsm_utils.c b/src/gsm/gsm_utils.c
index d51f27e..d2c5d75 100644
--- a/src/gsm/gsm_utils.c
+++ b/src/gsm/gsm_utils.c
@@ -324,7 +324,7 @@
  *  \param[in] septet_len Length of \a rdata
  *  \param[in] padding padding bits at start
  *  \returns number of bytes used in \a result */
-int gsm_septets2octets(uint8_t *result, const uint8_t *rdata, uint8_t septet_len, uint8_t padding)
+int gsm_septets2octets(uint8_t *result, const uint8_t *rdata, size_t septet_len, uint8_t padding)
 {
 	int i = 0, z = 0;
 	uint8_t cb, nb;
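Review bot: with septet_len now size_t, the unchanged 'int i = 0, z = 0;' and the int return type become the narrower, signed side of any comparison or count against it. Suggest size_t for the index variables, or a documented maximum for septet_len, and updating the '\param[in] septet_len' text to state the unit (septets, not bytes of \a rdata).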
diff --git a/tests/sms/sms_test.ok b/tests/sms/sms_test.ok
index 724c166..de1fce3 100644
--- a/tests/sms/sms_test.ok
+++ b/tests/sms/sms_test.ok
@@ -21,20 +21,15 @@
 
 Running test_enc_large_msg
 gsm_7bit_encode_n(len=2048) processed 2048 septets (expected 2048): OK
-gsm_7bit_encode_n(len=2048) used 0 octets in the buffer (expected 1792): FAIL
-	Unexpected chunk at enc_buf[0:7]: 00 00 00 00 00 00 00 
+gsm_7bit_encode_n(len=2048) used 1792 octets in the buffer (expected 1792): OK
 gsm_7bit_encode_n(len=1024) processed 1024 septets (expected 1024): OK
-gsm_7bit_encode_n(len=1024) used 0 octets in the buffer (expected 896): FAIL
-	Unexpected chunk at enc_buf[0:7]: 00 00 00 00 00 00 00 
+gsm_7bit_encode_n(len=1024) used 896 octets in the buffer (expected 896): OK
 gsm_7bit_encode_n(len=555) processed 555 septets (expected 555): OK
-gsm_7bit_encode_n(len=555) used 38 octets in the buffer (expected 486): FAIL
-	Unexpected chunk at enc_buf[35:6]: c1 60 10 00 00 00 
+gsm_7bit_encode_n(len=555) used 486 octets in the buffer (expected 486): OK
 gsm_7bit_encode_n(len=512) processed 512 septets (expected 512): OK
-gsm_7bit_encode_n(len=512) used 0 octets in the buffer (expected 448): FAIL
-	Unexpected chunk at enc_buf[0:7]: 00 00 00 00 00 00 00 
+gsm_7bit_encode_n(len=512) used 448 octets in the buffer (expected 448): OK
 gsm_7bit_encode_n(len=260) processed 260 septets (expected 260): OK
-gsm_7bit_encode_n(len=260) used 4 octets in the buffer (expected 228): FAIL
-	Unexpected chunk at enc_buf[0:6]: c1 60 30 08 00 00 
+gsm_7bit_encode_n(len=260) used 228 octets in the buffer (expected 228): OK
 gsm_7bit_encode_n(len=255) processed 255 septets (expected 255): OK
 gsm_7bit_encode_n(len=255) used 224 octets in the buffer (expected 224): OK
 gsm_7bit_encode_n(len=250) processed 250 septets (expected 250): OK
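Review bot: the expected output jumps from len=260 to len=255, so there is no case at len=256, the first length that no longer fits in the old uint8_t. The removed FAIL lines are consistent with the length being truncated modulo 256 (2048, 1024 and 512 gave 0 octets, 260 gave 4), which makes 256 the most direct regression check; suggest adding it to test_enc_large_msg. The old output also reported all septets as "processed ... OK" while the octet count was wrong, which would be worth mentioning in the commit message for callers that only check the return value.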

-- 
To view, visit https://gerrit.osmocom.org/c/libosmocore/+/22544
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: Ib1aac538afeb0a5c76a1df472d555139a496e12e
Gerrit-Change-Number: 22544
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria <vyanitskiy at sysmocom.de>
Gerrit-MessageType: newchange