Libss7 bug report!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dear all,

I think I have spotted a bug in libss7 code, I hope somebody will check it.

SVN Rev.:    266
Source file: mtp2.c
Lines: 646-652
Snippet of the buggy codes are reproduced below:

static int lssu_rx(struct mtp2 *link, struct mtp_su_head *h, int len)
{
 unsigned char lssutype = lssu_type(h);

 if (len > (LSSU_SIZE + 2))  /* FCS is two bytes */
  mtp_error(link->master, "Received LSSU with length %d longer than expected\n", len);



*************************************Separator**********************************

Because LSSU_SIZE is #defined to be 6, the if statement in the code above translates to:

if (len > (6 + 2))
    mtp_error(link->master, "Received LSSU with length %d longer than expected\n", len);

but LSSU is of fixed length (6 octets), so it's a bug! The above codes will fail to issue a warning message when an erroneous LSSU with length 7 of 8 is received.

           8     7     6     5     4     3     2     1
        +-----+-----+-----+-----+-----+-----+-----+-----+
      1 | BIB |                   BSN                   |
        +-----+-----+-----+-----+-----+-----+-----+-----+
      2 | FIB |                   FSN                   |
        +-----+-----+-----+-----+-----+-----+-----+-----+
      3 |///spare///|            LI = 1 or 2            |
        |-----+-----+-----+-----+-----+-----+-----+-----+
      4 |////////////spare////////////|       LSI       |
        +-----+-----+-----+-----+-----+-----+-----+-----+
      5 |                                               |
        +---                    CK                    --+
      6 |                                               |
        +-----+-----+-----+-----+-----+-----+-----+-----+
                       format of an LSSU



Regards!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-ss7/attachments/20090707/093aadb3/attachment.htm 


[Index of Archives]     [Asterisk App Development]     [PJ SIP]     [Gnu Gatekeeper]     [IETF Sipping]     [Info Cyrus]     [ALSA User]     [Fedora Linux Users]     [Linux SCTP]     [DCCP]     [Gimp]     [Yosemite Backpacking]     [Deep Creek Hot Springs]     [Yosemite Campsites]     [ISDN Cause Codes]     [Asterisk Books]

  Powered by Linux