
Re: another error when gnokii --getsms

From: Daniele Forsi
Subject: Re: another error when gnokii --getsms
Date: Sat, 15 Aug 2009 13:59:22 +0200

2009/8/15 Pawel Kot:

> IMHO, it's not in line with ETSI spec.


> Please try out the following patch: 

Pre-increment doesn't seem right to me, because the while loop will
have skipped all extended TP-PI octets (if any) and pdu[offset] will be
the octet to consider:

                while ((offset < pdu_len) && (pdu[offset++] & 0x80))
                if ((offset < pdu_len) && (parameter_indicator & 0x01)) {
                        /* TP-PID  TP-Protocol-Identifier */
                        rawsms->pid = pdu[++offset];
                if ((offset < pdu_len) && (parameter_indicator & 0x02)) {
                        /* TP-DCS  TP-Data-Coding-Scheme */
                        rawsms->dcs = pdu[++offset];
                if ((offset < pdu_len) && (parameter_indicator & 0x04)) {
                        /* TP-UDL  TP-User-Data-Length */
                        /* TP-UD   TP-User-Data */
                        COPY_USER_DATA(pdu, offset);

Also, in COPY_USER_DATA() from the older code there is a check against
"1000" that I don't understand; it's probably there to avoid a buffer
overflow in the following memcpy(rawsms->user_data, pdu + offset,
pdu_len - offset);
What about checking
against sizeof(rawsms->user_data), which is GN_SMS_LONG_MAX_LENGTH, i.e. 10240,
or against 255, because TP-UDL is an 8-bit quantity,
or against the numbers shown in the specs, IIRC 143..156 depending on SMS type?

Daniele Forsi
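The two points of the message above (the post-increment skip loop leaves pdu[offset] on the next field, and the TP-UD copy should be bounded) as an added example written for this page; it is not gnokii code and not Pawel's patch. The struct, the UD_MAX buffer size, the PARSE_* codes and the sample PDU tails are constructed here; only the field names and the skip loop follow the snippet in the mail.

```c
/* Added example, not gnokii code: decoding the TP-PI-driven optional tail of
 * an SMS-STATUS-REPORT PDU with bounds checks. Struct, constants and sample
 * PDUs are constructed here; only the field names follow the mail's snippet. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UD_MAX 140   /* illustrative user-data buffer size (assumption, not gnokii's) */

struct raw_sms {
    uint8_t tp_pi;             /* first TP-PI octet */
    uint8_t pid;               /* TP-PID, present if tp_pi & 0x01 */
    uint8_t dcs;               /* TP-DCS, present if tp_pi & 0x02 */
    uint8_t udl;               /* TP-UDL, present if tp_pi & 0x04 */
    size_t  ud_len;            /* octets copied into user_data */
    uint8_t user_data[UD_MAX];
};

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* Octets occupied by TP-UD: TP-UDL counts septets for the 7-bit default
 * alphabet (TP-DCS bits 3..2 == 00), octets otherwise. */
size_t ud_octets(uint8_t dcs, uint8_t udl)
{
    if ((dcs & 0x0C) == 0x00)
        return ((size_t)udl * 7 + 7) / 8;
    return udl;
}

/* Skip TP-PI and its extension octets (bit 7 set => another octet follows).
 * Because of the post-increment, the returned offset is the first octet
 * AFTER the last TP-PI octet, so the next field must be read at pdu[offset];
 * pdu[++offset] would silently drop one octet. */
size_t skip_tp_pi(const uint8_t *pdu, size_t pdu_len, size_t offset)
{
    while (offset < pdu_len && (pdu[offset++] & 0x80))
        ;
    return offset;
}

/* Decode from the TP-PI octet at pdu[offset] into *out. */
int parse_pi_tail(const uint8_t *pdu, size_t pdu_len, size_t offset, struct raw_sms *out)
{
    size_t need;

    memset(out, 0, sizeof *out);
    if (offset >= pdu_len)
        return PARSE_TRUNCATED;
    out->tp_pi = pdu[offset];
    offset = skip_tp_pi(pdu, pdu_len, offset);

    if (out->tp_pi & 0x01) {                 /* TP-PID */
        if (offset >= pdu_len) return PARSE_TRUNCATED;
        out->pid = pdu[offset++];
    }
    if (out->tp_pi & 0x02) {                 /* TP-DCS */
        if (offset >= pdu_len) return PARSE_TRUNCATED;
        out->dcs = pdu[offset++];
    }
    if (out->tp_pi & 0x04) {                 /* TP-UDL followed by TP-UD */
        if (offset >= pdu_len) return PARSE_TRUNCATED;
        out->udl = pdu[offset++];
        need = ud_octets(out->dcs, out->udl);
        if (need > sizeof out->user_data)    /* bound by the destination */
            return PARSE_TOO_LONG;
        if (need > pdu_len - offset)         /* bound by what was received */
            return PARSE_TRUNCATED;
        memcpy(out->user_data, pdu + offset, need);
        out->ud_len = need;
    }
    return PARSE_OK;
}

/* Constructed sample tails; everything before TP-PI is omitted. */
const uint8_t SAMPLE_OK[]    = { 0x07, 0x00, 0x04, 0x03, 'a', 'b', 'c' }; /* PID, DCS=8-bit, 3 octets */
const uint8_t SAMPLE_EXT[]   = { 0x87, 0x00, 0x00, 0x04, 0x02, 'x', 'y' }; /* one TP-PI extension octet */
const uint8_t SAMPLE_TRUNC[] = { 0x07, 0x00, 0x04, 0x10, 'a' };            /* claims 16 octets, has 1 */
const uint8_t SAMPLE_LONG[]  = { 0x07, 0x00, 0x04, 0xFF };                 /* claims 255 octets */

struct raw_sms scratch;   /* shared result buffer for run_checks() */

/* Returns 0 when every sample decodes as expected, else one bit per failure. */
int run_checks(void)
{
    int bad = 0;
    if (parse_pi_tail(SAMPLE_OK, sizeof SAMPLE_OK, 0, &scratch) != PARSE_OK ||
        scratch.pid != 0x00 || scratch.dcs != 0x04 || scratch.udl != 3 ||
        scratch.ud_len != 3 || memcmp(scratch.user_data, "abc", 3) != 0)
        bad |= 1;
    if (parse_pi_tail(SAMPLE_EXT, sizeof SAMPLE_EXT, 0, &scratch) != PARSE_OK ||
        scratch.ud_len != 2 || memcmp(scratch.user_data, "xy", 2) != 0)
        bad |= 2;
    if (parse_pi_tail(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC, 0, &scratch) != PARSE_TRUNCATED)
        bad |= 4;
    if (parse_pi_tail(SAMPLE_LONG, sizeof SAMPLE_LONG, 0, &scratch) != PARSE_TOO_LONG)
        bad |= 8;
    return bad;
}

int main(void)
{
    printf("checks: %s\n", run_checks() == 0 ? "ok" : "FAILED");
    return 0;
}
```

With SAMPLE_EXT, skip_tp_pi() returns 2, the index of TP-PID; a `pdu[++offset]` read at that point would return index 3, the TP-DCS octet, which is the off-by-one the message describes. The copy is bounded twice: by the destination buffer (the sizeof(rawsms->user_data) option from the message) and by the octets actually left in the PDU, with the length derived from TP-UDL and TP-DCS rather than taken from pdu_len - offset.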
