[asterisk-bugs] [LibSS7 0015564]: Wrong LSSU size

Asterisk Bug Tracker noreply at bugs.digium.com
Thu Jul 23 22:55:19 CDT 2009 

The following issue has been SUBMITTED. 
====================================================================== 
https://issues.asterisk.org/view.php?id=15564 
====================================================================== 
Reported By:                Tian00di00
Assigned To:                mattf
====================================================================== 
Project:                    LibSS7
Issue ID:                   15564
Category:                   General
Reproducibility:            have not tried
Severity:                   minor
Priority:                   normal
Status:                     assigned
Asterisk Version:           1.6.0.10 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 269 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             2009-07-23 22:55 CDT
Last Modified:              2009-07-23 22:55 CDT
====================================================================== 
Summary:                    Wrong LSSU size
Description: 
SVN Rev.: 269
Source file: mtp2.c
Lines: 650-651
Snippet of the buggy codes are reproduced below:

static int lssu_rx(struct mtp2 *link, struct mtp_su_head *h, int len)
{
 unsigned char lssutype = lssu_type(h);

 if (len > (LSSU_SIZE + 2))  /* FCS is two bytes */
  mtp_error(link->master, "Received LSSU with length %d longer than 
expected\n", len);


Because LSSU_SIZE is #defined to be 6, the if statement in the code above

translates to:

if (len > (6 + 2))
    mtp_error(link->master, "Received LSSU with length %d longer than 
expected\n", len);

but LSSU is of fixed length (6 octets), so it's a bug! The above codes
will 
fail to issue a warning message when an erroneous LSSU with length 7 of 8
is 
received.

====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-07-23 22:55 Tian00di00     New Issue                                    
2009-07-23 22:55 Tian00di00     Status                   new => assigned     
2009-07-23 22:55 Tian00di00     Assigned To               => mattf           
2009-07-23 22:55 Tian00di00     Asterisk Version          => 1.6.0.10        
2009-07-23 22:55 Tian00di00     SVN Branch (only for SVN checkouts, not tarball
releases) =>  trunk          
2009-07-23 22:55 Tian00di00     SVN Revision (number only!) => 269             
======================================================================

More information about the asterisk-bugs mailing list