summaryrefslogtreecommitdiffstats
path: root/tests/ussd
diff options
context:
space:
mode:
authorHolger Hans Peter Freyther <zecke@selfish.org>2010-10-11 08:21:00 +0200
committerHolger Hans Peter Freyther <zecke@selfish.org>2010-10-11 09:26:19 +0200
commitc88a44f493d594acdb5d9240855678c34ede2a88 (patch)
tree5744cba7b8548b4e95b2bb2835532be2340a11af /tests/ussd
parent8ac0486c28be99fed40aa7118d66dbb7e70ccc78 (diff)
ussd: Add next test that show that we access the data out of bounds
This test is showing that the internal ASN1 code is not checking the size properly.
Diffstat (limited to 'tests/ussd')
-rw-r--r--tests/ussd/ussd_test.c23
1 files changed, 23 insertions, 0 deletions
diff --git a/tests/ussd/ussd_test.c b/tests/ussd/ussd_test.c
index 4d125ffd..6680e63c 100644
--- a/tests/ussd/ussd_test.c
+++ b/tests/ussd/ussd_test.c
@@ -47,6 +47,23 @@ static int parse_ussd(const uint8_t *_data, int len)
return rc;
}
+static int parse_mangle_ussd(const uint8_t *_data, int len)
+{
+ uint8_t *data;
+ int rc;
+ struct ussd_request req;
+ struct gsm48_hdr *hdr;
+
+ data = malloc(len);
+ memcpy(data, _data, len);
+ hdr = (struct gsm48_hdr *) &data[0];
+ hdr->data[1] = len - sizeof(*hdr) - 2;
+ rc = gsm0480_decode_ussd_request(hdr, len, &req);
+ free(data);
+
+ return rc;
+}
+
int main(int argc, char **argv)
{
const int size = sizeof(ussd_request);
@@ -59,5 +76,11 @@ int main(int argc, char **argv)
printf("Result for %d is %d\n", rc, i);
}
+ printf("Mangling the container now\n");
+ for (i = size; i > sizeof(struct gsm48_hdr) + 2; --i) {
+ int rc = parse_mangle_ussd(&ussd_request[0], i);
+ printf("Result for %d is %d\n", rc, i);
+ }
+
return 0;
}