[asterisk-bugs] [JIRA] Commented: (SS7-38) Wrong LSSU size

Kaloyan Kovachev (JIRA) noreply at issues.asterisk.org
Fri Jul 13 10:41:20 CDT 2012


    [ https://issues.asterisk.org/jira/browse/SS7-38?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=194852#comment-194852 ] 

Kaloyan Kovachev commented on SS7-38:
-------------------------------------

Partially correct (ITU-T Q.703). There is actually a bug in both the code and the comment. The comment should say that the Status Field (not the FCS) can be 2 bytes, so the check should be for (LSSU_SIZE + 1), i.e. 6 or 7 bytes.

> Wrong LSSU size
> ---------------
>
>                 Key: SS7-38
>                 URL: https://issues.asterisk.org/jira/browse/SS7-38
>             Project: LibSS7
>          Issue Type: Bug
>          Components: General
>            Reporter: tian
>            Severity: Minor
>
> SVN Rev.: 269
> Source file: mtp2.c
> Lines: 650-651
> A snippet of the buggy code is reproduced below:
> static int lssu_rx(struct mtp2 *link, struct mtp_su_head *h, int len)
> {
>  unsigned char lssutype = lssu_type(h);
>  if (len > (LSSU_SIZE + 2))  /* FCS is two bytes */
>   mtp_error(link->master, "Received LSSU with length %d longer than expected\n", len);
> Because LSSU_SIZE is #defined to be 6, the if statement in the code above 
> translates to:
> if (len > (6 + 2))
>     mtp_error(link->master, "Received LSSU with length %d longer than expected\n", len);
> but LSSU is of fixed length (6 octets), so it's a bug! The above code will 
> fail to issue a warning message when an erroneous LSSU with length 7 or 8 is 
> received.
> ****** ADDITIONAL INFORMATION ******
> I am only reading the libss7 source code without a running Asterisk box.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
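
The length check discussed in this thread, as an added example that is not part of the original message and is not libss7 code: it puts the reported comparison beside one that accepts only 6 or 7 octets. Assumptions: the buffer starts at the BSN/BIB octet and `len` counts the two FCS octets (which is what LSSU_SIZE = 6 implies); the function and enum names are hypothetical; the LI cross-check goes beyond what the thread proposes and uses the Q.703 length indicator (low 6 bits of the third octet).

```c
#include <stddef.h>
#include <stdio.h>

#define LSSU_SIZE 6 /* value quoted in the report: 3 header + 1 SF + 2 FCS octets */

/* Hypothetical result codes for this example. */
enum lssu_check { LSSU_OK = 0, LSSU_TOO_SHORT, LSSU_TOO_LONG, LSSU_LI_MISMATCH };

/* The comparison as quoted in the report: nonzero means "would log an error". */
static int reported_check_flags(size_t len)
{
    return len > (LSSU_SIZE + 2);
}

/* Accept only LSSU_SIZE or LSSU_SIZE + 1 octets (status field of 1 or 2). */
static enum lssu_check lssu_len_check(const unsigned char *buf, size_t len)
{
    size_t li;

    if (len < LSSU_SIZE)
        return LSSU_TOO_SHORT;
    if (len > LSSU_SIZE + 1)
        return LSSU_TOO_LONG;
    /* Assumption: LI counts the status field octets, so it must be len - 5. */
    li = buf[2] & 0x3f;
    if (li != len - (LSSU_SIZE - 1))
        return LSSU_LI_MISMATCH;
    return LSSU_OK;
}

int main(void)
{
    /* Constructed sample frames: BSN/BIB, FSN/FIB, LI, SF..., FCS (dummy). */
    const unsigned char sf1[] = { 0xff, 0xff, 0x01, 0x00, 0x12, 0x34 };
    const unsigned char sf2[] = { 0xff, 0xff, 0x02, 0x00, 0x00, 0x12, 0x34 };
    const unsigned char big[] = { 0xff, 0xff, 0x02, 0x00, 0x00, 0x00, 0x12, 0x34 };

    printf("len 6: reported=%d strict=%d\n",
           reported_check_flags(sizeof sf1), lssu_len_check(sf1, sizeof sf1));
    printf("len 7: reported=%d strict=%d\n",
           reported_check_flags(sizeof sf2), lssu_len_check(sf2, sizeof sf2));
    printf("len 8: reported=%d strict=%d\n",
           reported_check_flags(sizeof big), lssu_len_check(big, sizeof big));
    return 0;
}
```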