summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorVadim Yanitskiy <axilirator@gmail.com>2019-05-26 00:14:16 +0700
committerVadim Yanitskiy <axilirator@gmail.com>2019-05-28 06:50:41 +0700
commit2cd1dda631713a188f285775b19667e252e3a681 (patch)
tree3a4627c34456735bc5f8cb88ee56380340908d43 /src
parentaa0683d9f8290515fb9c6681727beeba39a72c1e (diff)
gsm48_decode_bcd_number2(): fix output truncation
Thanks to the new unit test for BCD number encoding / decoding, it was discovered that gsm48_decode_bcd_number2() does not properly handle encoded LV if the output buffer size is equal to the original MSISDN length + 1 (\0-terminator): one digit is lost. For example, decoding of 15-digit long MSISDN to a buffer of size 16 (15 digits + 1 for \0) would give us only 14 digits. The problem was that 'output_len' was being decremented before checking the remaining buffer length and writing a digit to it. As a result, the maximum length was always one byte shorter. Change-Id: I61d49387fedbf7b238e21540a5eff22f6861e27a Fixes: OS#4025
Diffstat (limited to 'src')
-rw-r--r--src/gsm/gsm48_ie.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/gsm/gsm48_ie.c b/src/gsm/gsm48_ie.c
index ca6489a9..48d0d379 100644
--- a/src/gsm/gsm48_ie.c
+++ b/src/gsm/gsm48_ie.c
@@ -88,16 +88,16 @@ int gsm48_decode_bcd_number2(char *output, size_t output_len,
for (i = 1 + h_len; i <= in_len; i++) {
/* lower nibble */
- output_len--;
if (output_len <= 1)
break;
*output++ = bcd_num_digits[bcd_lv[i] & 0xf];
+ output_len--;
/* higher nibble */
- output_len--;
if (output_len <= 1)
break;
*output++ = bcd_num_digits[bcd_lv[i] >> 4];
+ output_len--;
}
if (output_len >= 1)
*output++ = '\0';