From ea2a0ab041524bb651d488ea1eddda0cc3d9e895 Mon Sep 17 00:00:00 2001 From: Neels Hofmeyr Date: Wed, 5 Dec 2018 23:30:08 +0100 Subject: gsm48_mi_to_string(): guard against zero length output buffer All successful cases already return from the switch(), so simply handle all errors below it by returning an empty string (if there is enough string buffer). Change-Id: I709ac3b9efb7b4258d8660715b10312e11b9b571 --- src/gsm/gsm48.c | 10 +++++----- tests/gsm0408/gsm0408_test.ok | 16 ++++++++-------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/src/gsm/gsm48.c b/src/gsm/gsm48.c index 0f0889b4..af3e14c5 100644 --- a/src/gsm/gsm48.c +++ b/src/gsm/gsm48.c @@ -653,14 +653,11 @@ int gsm48_mi_to_string(char *string, const int str_len, const uint8_t *mi, { int rc; uint8_t mi_type; - char *str_cur = string; uint32_t tmsi; mi_type = mi[0] & GSM_MI_TYPE_MASK; switch (mi_type) { - case GSM_MI_TYPE_NONE: - break; case GSM_MI_TYPE_TMSI: /* Table 10.5.4.3, reverse generate_mid_from_tmsi */ if (mi_len == GSM48_TMSI_LEN && mi[0] == (0xf0 | GSM_MI_TYPE_TMSI)) { @@ -680,12 +677,15 @@ int gsm48_mi_to_string(char *string, const int str_len, const uint8_t *mi, return rc + 1; else return strlen(string) + 1; + default: break; } - *str_cur++ = '\0'; - return str_cur - string; + if (str_len < 1) + return 0; + *string = '\0'; + return 1; } /*! Parse TS 04.08 Routing Area Identifier diff --git a/tests/gsm0408/gsm0408_test.ok b/tests/gsm0408/gsm0408_test.ok index 6e99f5b3..d6579e50 100644 --- a/tests/gsm0408/gsm0408_test.ok +++ b/tests/gsm0408/gsm0408_test.ok @@ -72,8 +72,8 @@ Decoding zero length Mobile Identities returned empty string - MI type: TMSI - writing to zero-length string: - rc=1 - ERROR: Wrote to invalid memory! + rc=0 + nothing written - writing to 1-byte-length string: rc=1 returned empty string @@ -82,8 +82,8 @@ Decoding zero length Mobile Identities returned empty string - MI type: NONE - writing to zero-length string: - rc=1 - ERROR: Wrote to invalid memory! + rc=0 + nothing written - writing to 1-byte-length string: rc=1 returned empty string @@ -102,8 +102,8 @@ Decoding zero length Mobile Identities returned empty string - MI type: TMSI | GSM_MI_ODD - writing to zero-length string: - rc=1 - ERROR: Wrote to invalid memory! + rc=0 + nothing written - writing to 1-byte-length string: rc=1 returned empty string @@ -112,8 +112,8 @@ Decoding zero length Mobile Identities returned empty string - MI type: NONE | GSM_MI_ODD - writing to zero-length string: - rc=1 - ERROR: Wrote to invalid memory! + rc=0 + nothing written - writing to 1-byte-length string: rc=1 returned empty string -- cgit v1.2.3