diff options
author | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-10-11 08:21:00 +0200 |
---|---|---|
committer | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-10-11 09:26:19 +0200 |
commit | c88a44f493d594acdb5d9240855678c34ede2a88 (patch) | |
tree | 5744cba7b8548b4e95b2bb2835532be2340a11af /tests/ussd | |
parent | 8ac0486c28be99fed40aa7118d66dbb7e70ccc78 (diff) |
ussd: Add next test that show that we access the data out of bounds
This test is showing that the internal ASN1 code is not checking
the size properly.
Diffstat (limited to 'tests/ussd')
-rw-r--r-- | tests/ussd/ussd_test.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/tests/ussd/ussd_test.c b/tests/ussd/ussd_test.c index 4d125ffd..6680e63c 100644 --- a/tests/ussd/ussd_test.c +++ b/tests/ussd/ussd_test.c @@ -47,6 +47,23 @@ static int parse_ussd(const uint8_t *_data, int len) return rc; } +static int parse_mangle_ussd(const uint8_t *_data, int len) +{ + uint8_t *data; + int rc; + struct ussd_request req; + struct gsm48_hdr *hdr; + + data = malloc(len); + memcpy(data, _data, len); + hdr = (struct gsm48_hdr *) &data[0]; + hdr->data[1] = len - sizeof(*hdr) - 2; + rc = gsm0480_decode_ussd_request(hdr, len, &req); + free(data); + + return rc; +} + int main(int argc, char **argv) { const int size = sizeof(ussd_request); @@ -59,5 +76,11 @@ int main(int argc, char **argv) printf("Result for %d is %d\n", rc, i); } + printf("Mangling the container now\n"); + for (i = size; i > sizeof(struct gsm48_hdr) + 2; --i) { + int rc = parse_mangle_ussd(&ussd_request[0], i); + printf("Result for %d is %d\n", rc, i); + } + return 0; } |