summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/gsm/gsm48_ie.c16
-rw-r--r--tests/gsm0408/gsm0408_test.c11
-rw-r--r--tests/gsm0408/gsm0408_test.ok4
3 files changed, 28 insertions, 3 deletions
diff --git a/src/gsm/gsm48_ie.c b/src/gsm/gsm48_ie.c
index 59f931b2..31028ba4 100644
--- a/src/gsm/gsm48_ie.c
+++ b/src/gsm/gsm48_ie.c
@@ -82,6 +82,7 @@ int gsm48_decode_bcd_number2(char *output, size_t output_len,
{
uint8_t in_len;
int i;
+ bool truncated = false;
if (output_len < 1)
return -ENOSPC;
*output = '\0';
@@ -94,14 +95,23 @@ int gsm48_decode_bcd_number2(char *output, size_t output_len,
for (i = 1 + h_len; i <= in_len; i++) {
/* lower nibble */
- if (output_len <= 1)
+ if (output_len <= 1) {
+ truncated = true;
break;
+ }
*output++ = bcd_num_digits[bcd_lv[i] & 0xf];
output_len--;
/* higher nibble */
- if (output_len <= 1)
+ if (output_len <= 1) {
+ /* not truncated if there is exactly one 0xf ('\0') higher nibble remaining */
+ if (i == in_len && (bcd_lv[i] & 0xf0) == 0xf0) {
+ break;
+ }
+
+ truncated = true;
break;
+ }
*output++ = bcd_num_digits[bcd_lv[i] >> 4];
output_len--;
}
@@ -109,7 +119,7 @@ int gsm48_decode_bcd_number2(char *output, size_t output_len,
*output++ = '\0';
/* Indicate whether the output was truncated */
- if (i < in_len)
+ if (truncated)
return -ENOSPC;
return 0;
diff --git a/tests/gsm0408/gsm0408_test.c b/tests/gsm0408/gsm0408_test.c
index b5f80614..db1d45ad 100644
--- a/tests/gsm0408/gsm0408_test.c
+++ b/tests/gsm0408/gsm0408_test.c
@@ -727,6 +727,17 @@ static const struct bcd_number_test {
.dec_ascii = "(none)",
.dec_rc = -EIO,
},
+ {
+ .test_name = "decoding buffer is one byte too small (OS#4049)",
+
+ /* Decoding test */
+ .dec_hex = "022143", /* "1234" */
+ .dec_ascii = "123", /* '4' was truncated */
+ .dec_rc = -ENOSPC,
+
+ /* Buffer length limitations */
+ .dec_buf_lim = 4,
+ },
};
static void test_bcd_number_encode_decode()
diff --git a/tests/gsm0408/gsm0408_test.ok b/tests/gsm0408/gsm0408_test.ok
index 844c2018..d343869f 100644
--- a/tests/gsm0408/gsm0408_test.ok
+++ b/tests/gsm0408/gsm0408_test.ok
@@ -186,6 +186,10 @@ BSD number encoding / decoding test
- Decoding HEX (buffer limit=0) ''...
- Expected: (rc=-5) '(none)'
- Actual: (rc=-5) '(none)'
+- Running test: decoding buffer is one byte too small (OS#4049)
+ - Decoding HEX (buffer limit=4) '022143'...
+ - Expected: (rc=-28) '123'
+ - Actual: (rc=-28) '123'
Constructed RA:
077-121-666-5
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-19 13:46:27 +0000