diff options
author | Vadim Yanitskiy <axilirator@gmail.com> | 2019-05-26 00:14:16 +0700 |
---|---|---|
committer | Vadim Yanitskiy <axilirator@gmail.com> | 2019-05-28 06:50:41 +0700 |
commit | 2cd1dda631713a188f285775b19667e252e3a681 (patch) | |
tree | 3a4627c34456735bc5f8cb88ee56380340908d43 /src/gsm | |
parent | aa0683d9f8290515fb9c6681727beeba39a72c1e (diff) |
gsm48_decode_bcd_number2(): fix output truncation
Thanks to the new unit test for BCD number encoding / decoding, it was
discovered that gsm48_decode_bcd_number2() does not properly handle
encoded LV if the output buffer size is equal to the original MSISDN
length + 1 (\0-terminator): one digit is lost.
For example, decoding of 15-digit long MSISDN to a buffer of size
16 (15 digits + 1 for \0) would give us only 14 digits.
The problem was that 'output_len' was being decremented before
checking the remaining buffer length and writing a digit to it.
As a result, the maximum length was always one byte shorter.
Change-Id: I61d49387fedbf7b238e21540a5eff22f6861e27a
Fixes: OS#4025
Diffstat (limited to 'src/gsm')
-rw-r--r-- | src/gsm/gsm48_ie.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/gsm/gsm48_ie.c b/src/gsm/gsm48_ie.c index ca6489a9..48d0d379 100644 --- a/src/gsm/gsm48_ie.c +++ b/src/gsm/gsm48_ie.c @@ -88,16 +88,16 @@ int gsm48_decode_bcd_number2(char *output, size_t output_len, for (i = 1 + h_len; i <= in_len; i++) { /* lower nibble */ - output_len--; if (output_len <= 1) break; *output++ = bcd_num_digits[bcd_lv[i] & 0xf]; + output_len--; /* higher nibble */ - output_len--; if (output_len <= 1) break; *output++ = bcd_num_digits[bcd_lv[i] >> 4]; + output_len--; } if (output_len >= 1) *output++ = '\0'; |