[asterisk-dev] A bug in libss7!
John Todd
jtodd at digium.com
Thu Jul 16 18:57:38 CDT 2009
On Jul 16, 2009, at 12:36 AM, tian wrote:
> Hi, guys!
>
> I think I have spotted a bug in libss7 while reading the source code, I
> tried to report the suspected bug to the code maintainer by sending mail to
> creslin at digium.com, but there has been no reply.
>
> Is this a bug or not? I hope you guys will help me check it, thanks!
>
> SVN Rev.: 269
> Source file: mtp2.c
> Lines: 650-651
> A snippet of the buggy code is reproduced below:
>
> static int lssu_rx(struct mtp2 *link, struct mtp_su_head *h, int len)
> {
>     unsigned char lssutype = lssu_type(h);
>
>     if (len > (LSSU_SIZE + 2)) /* FCS is two bytes */
>         mtp_error(link->master, "Received LSSU with length %d longer than expected\n", len);
>
>
> Because LSSU_SIZE is #defined to be 6, the if statement in the code above
> translates to:
>
>     if (len > (6 + 2))
>         mtp_error(link->master, "Received LSSU with length %d longer than expected\n", len);
>
> but LSSU is of fixed length (6 octets), so it's a bug! The above code will
> fail to issue a warning message when an erroneous LSSU with length 7 or 8 is
> received.
>
>
> Regards,
>
> Tian
Tian -
Thanks for looking through the code! Often, writing to authors
does not get a quick reply (or a reply at all) because of other work
they're doing on other projects, or they simply don't have the time to
work on that section of development. However, that does not mean
nobody else is looking at it! Please open a ticket on
issues.asterisk.org so that others may participate in the discussion
of this problem, and so that there is permanent tracking that can be
viewed and accessed by everyone on the project.
JT
---
John Todd email:jtodd at digium.com
Digium, Inc. | Asterisk Open Source Community Director
445 Jan Davis Drive NW - Huntsville AL 35806 - USA
direct: +1-256-428-6083 http://www.digium.com/
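
An added example, not part of the original thread and not libss7 code: the length check quoted in the post next to a strict validator that cross-checks the received length against the length indicator (LI) octet. It goes beyond the post by also accepting the two-octet status field that Q.703 permits (LI = 2); `lssu_validate`, the verdict names, and the assumption that the length covers header, status field and two FCS octets are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define SU_HEAD_SIZE 3  /* BSN/BIB, FSN/FIB and LI octets (Q.703 layout) */
#define FCS_SIZE     2  /* "FCS is two bytes", as in the quoted comment */
#define LSSU_SIZE    6  /* value quoted in the post */

/* The check as quoted in the post: returns 1 when it would log an error. */
static int posted_check_flags(int len)
{
    return len > (LSSU_SIZE + 2);
}

enum lssu_verdict { LSSU_OK, LSSU_TRUNCATED, LSSU_NOT_LSSU, LSSU_LEN_MISMATCH };

/* Hypothetical strict validator. Assumption: buf/len cover the 3-octet
 * header, the status field and the 2-octet FCS. */
static enum lssu_verdict lssu_validate(const unsigned char *buf, size_t len)
{
    if (buf == NULL || len < SU_HEAD_SIZE)
        return LSSU_TRUNCATED;            /* LI octet is not even present */

    unsigned li = buf[2] & 0x3f;          /* LI: low 6 bits of octet 3 */
    if (li != 1 && li != 2)
        return LSSU_NOT_LSSU;             /* LI 0 is a FISU, LI > 2 an MSU */

    if (len != (size_t)SU_HEAD_SIZE + li + FCS_SIZE)
        return LSSU_LEN_MISMATCH;         /* too short or too long for LI */

    return LSSU_OK;
}

int main(void)
{
    /* Constructed frame: header with LI = 1, then filler octets. */
    unsigned char frame[9] = { 0xff, 0xff, 0x01, 0x00, 0xaa, 0xbb, 0, 0, 0 };

    for (size_t len = 5; len <= 9; len++)
        printf("len=%zu posted_flags=%d strict_verdict=%d\n", len,
               posted_check_flags((int)len), (int)lssu_validate(frame, len));
    return 0;
}
```

With LI = 1 the strict validator accepts only 6 octets, so the 7- and 8-octet cases described in the post are reported, while the quoted check first fires at 9.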