[asterisk-bugs] [LibSS7 0015564]: Wrong LSSU size

Asterisk Bug Tracker noreply at bugs.digium.com
Sun Jan 23 13:52:47 CST 2011 

The following issue is now in status NEW (again) 
====================================================================== 
https://issues.asterisk.org/view.php?id=15564 
====================================================================== 
Reported By:                Tian00di00
Assigned To:                
====================================================================== 
Project:                    LibSS7
Issue ID:                   15564
Category:                   General
Reproducibility:            have not tried
Severity:                   minor
Priority:                   normal
Status:                     new
Asterisk Version:           SVN 
JIRA:                        
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 269 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             2009-07-23 22:55 CDT
Last Modified:              2011-01-23 13:52 CST
====================================================================== 
Summary:                    Wrong LSSU size
Description: 
SVN Rev.: 269
Source file: mtp2.c
Lines: 650-651
Snippet of the buggy codes are reproduced below:

static int lssu_rx(struct mtp2 *link, struct mtp_su_head *h, int len)
{
 unsigned char lssutype = lssu_type(h);

 if (len > (LSSU_SIZE + 2))  /* FCS is two bytes */
  mtp_error(link->master, "Received LSSU with length %d longer than 
expected\n", len);


Because LSSU_SIZE is #defined to be 6, the if statement in the code above

translates to:

if (len > (6 + 2))
    mtp_error(link->master, "Received LSSU with length %d longer than 
expected\n", len);

but LSSU is of fixed length (6 octets), so it's a bug! The above codes
will 
fail to issue a warning message when an erroneous LSSU with length 7 of 8
is 
received.

====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2011-01-23 13:52 tilghman       Asterisk Version         1.6.0.10 => SVN     
2011-01-23 13:52 tilghman       Assigned To              mattf =>            
2011-01-23 13:52 tilghman       Status                   assigned => new     
======================================================================

More information about the asterisk-bugs mailing list