diff options
-rw-r--r-- | src/gsm/gsm48_ie.c | 16 | ||||
-rw-r--r-- | tests/gsm0408/gsm0408_test.c | 11 | ||||
-rw-r--r-- | tests/gsm0408/gsm0408_test.ok | 4 |
3 files changed, 28 insertions, 3 deletions
diff --git a/src/gsm/gsm48_ie.c b/src/gsm/gsm48_ie.c index 59f931b2..31028ba4 100644 --- a/src/gsm/gsm48_ie.c +++ b/src/gsm/gsm48_ie.c @@ -82,6 +82,7 @@ int gsm48_decode_bcd_number2(char *output, size_t output_len, { uint8_t in_len; int i; + bool truncated = false; if (output_len < 1) return -ENOSPC; *output = '\0'; @@ -94,14 +95,23 @@ int gsm48_decode_bcd_number2(char *output, size_t output_len, for (i = 1 + h_len; i <= in_len; i++) { /* lower nibble */ - if (output_len <= 1) + if (output_len <= 1) { + truncated = true; break; + } *output++ = bcd_num_digits[bcd_lv[i] & 0xf]; output_len--; /* higher nibble */ - if (output_len <= 1) + if (output_len <= 1) { + /* not truncated if there is exactly one 0xf ('\0') higher nibble remaining */ + if (i == in_len && (bcd_lv[i] & 0xf0) == 0xf0) { + break; + } + + truncated = true; break; + } *output++ = bcd_num_digits[bcd_lv[i] >> 4]; output_len--; } @@ -109,7 +119,7 @@ int gsm48_decode_bcd_number2(char *output, size_t output_len, *output++ = '\0'; /* Indicate whether the output was truncated */ - if (i < in_len) + if (truncated) return -ENOSPC; return 0; diff --git a/tests/gsm0408/gsm0408_test.c b/tests/gsm0408/gsm0408_test.c index b5f80614..db1d45ad 100644 --- a/tests/gsm0408/gsm0408_test.c +++ b/tests/gsm0408/gsm0408_test.c @@ -727,6 +727,17 @@ static const struct bcd_number_test { .dec_ascii = "(none)", .dec_rc = -EIO, }, + { + .test_name = "decoding buffer is one byte too small (OS#4049)", + + /* Decoding test */ + .dec_hex = "022143", /* "1234" */ + .dec_ascii = "123", /* '4' was truncated */ + .dec_rc = -ENOSPC, + + /* Buffer length limitations */ + .dec_buf_lim = 4, + }, }; static void test_bcd_number_encode_decode() diff --git a/tests/gsm0408/gsm0408_test.ok b/tests/gsm0408/gsm0408_test.ok index 844c2018..d343869f 100644 --- a/tests/gsm0408/gsm0408_test.ok +++ b/tests/gsm0408/gsm0408_test.ok @@ -186,6 +186,10 @@ BSD number encoding / decoding test - Decoding HEX (buffer limit=0) ''... - Expected: (rc=-5) '(none)' - Actual: (rc=-5) '(none)' +- Running test: decoding buffer is one byte too small (OS#4049) + - Decoding HEX (buffer limit=4) '022143'... + - Expected: (rc=-28) '123' + - Actual: (rc=-28) '123' Constructed RA: 077-121-666-5 |