diff options
| author | Aleksander Morgado <aleksandermj@chromium.org> | 2023-03-30 21:01:44 +0000 |
|---|---|---|
| committer | Aleksander Morgado <aleksandermj@chromium.org> | 2023-03-30 21:04:57 +0000 |
| commit | 3d9497ffbe779c64c99e449849e577d26edf3809 (patch) | |
| tree | 96f6a4149c49d8711e677744f5f8b89985eec967 /src/tests | |
| parent | dbafff23a42818820591234416b696984f4cc152 (diff) | |
sms-part-3gpp: fix invalid memory ready by checking UDH length byte can be read
[debug] parsing PDU (0)...
[debug] no SMSC address given
[debug] submit type PDU detected
[debug] message reference: 1
[debug] address size: 1 digits (1 bytes)
[debug] number parsed: 00
[debug] validity available, format relative
[debug] PID: 0
[debug] user data encoding is GSM7
[debug] user data length: 0 elements
[debug] user data length: 0 bytes
==125780== Command: ./build/test/mmsmspdu --pdu=00F101010C0000000000 --verbose
==125780==
==125780== Invalid read of size 1
==125780== at 0x10B422: mm_sms_part_3gpp_new_from_binary_pdu (mm-sms-part-3gpp.c:698)
==125780== by 0x10BF57: mm_sms_part_3gpp_new_from_pdu (mm-sms-part-3gpp.c:368)
==125780== by 0x10A44D: main (mmsmspdu.c:242)
==125780== Address 0x519988a is 0 bytes after a block of size 10 alloc'd
==125780== at 0x48455EF: calloc (vg_replace_malloc.c:1328)
==125780== by 0x49DF6C0: g_malloc0 (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7400.2)
==125780== by 0x48ABD24: mm_utils_hexstr2bin (mm-common-helpers.c:1884)
==125780== by 0x10BF36: mm_sms_part_3gpp_new_from_pdu (mm-sms-part-3gpp.c:362)
==125780== by 0x10A44D: main (mmsmspdu.c:242)
Diffstat (limited to 'src/tests')
| -rw-r--r-- | src/tests/test-sms-part-3gpp.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/tests/test-sms-part-3gpp.c b/src/tests/test-sms-part-3gpp.c index 581b506d..f5590bd6 100644 --- a/src/tests/test-sms-part-3gpp.c +++ b/src/tests/test-sms-part-3gpp.c @@ -467,6 +467,16 @@ test_pdu_wrong_user_data_elements_size (void) common_test_invalid_pdu (pdu, G_N_ELEMENTS (pdu)); } +static void +test_pdu_wrong_udh (void) +{ + static const guint8 pdu[] = { + 0x00, 0xF1, 0x01, 0x01, 0x0C, 0x00, 0x00, 0x00, + 0x00, 0x00 }; + + common_test_invalid_pdu (pdu, G_N_ELEMENTS (pdu)); +} + /********************* SMS ADDRESS ENCODER TESTS *********************/ static void @@ -766,6 +776,7 @@ int main (int argc, char **argv) g_test_add_func ("/MM/SMS/3GPP/PDU-Parser/pdu-no-address", test_pdu_no_address); g_test_add_func ("/MM/SMS/3GPP/PDU-Parser/pdu-wrong-address-size", test_pdu_wrong_address_size); g_test_add_func ("/MM/SMS/3GPP/PDU-Parser/pdu-wrong-user-data-elements-size", test_pdu_wrong_user_data_elements_size); + g_test_add_func ("/MM/SMS/3GPP/PDU-Parser/pdu-wrong-udh", test_pdu_wrong_udh); g_test_add_func ("/MM/SMS/3GPP/Address-Encoder/smsc-intl", test_address_encode_smsc_intl); g_test_add_func ("/MM/SMS/3GPP/Address-Encoder/smsc-unknown", test_address_encode_smsc_unknown); |