From 943133cad89cc133dbe9fba8fc19249ce57d33ad Mon Sep 17 00:00:00 2001
From: Vadim Yanitskiy <vyanitskiy@sysmocom.de>
Date: Sat, 30 Jan 2021 01:31:32 +0100
Subject: gsm_7bit_encode_n(): fix integer overflow in gsm_septets2octets()

Using 'uint8_t' for the length argument is definitely a bad idea.
Because of this, packing more than 255 septets would not work as
expected.  Deprecate the old function and use 'size_t' instead.

Change-Id: Ib1aac538afeb0a5c76a1df472d555139a496e12e
---
 src/gsm/gsm_utils.c    | 10 ++++++++--
 src/gsm/libosmogsm.map |  1 +
 2 files changed, 9 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/gsm/gsm_utils.c b/src/gsm/gsm_utils.c
index ae77a9dc..07e082d3 100644
--- a/src/gsm/gsm_utils.c
+++ b/src/gsm/gsm_utils.c
@@ -324,7 +324,7 @@ int gsm_septet_encode(uint8_t *result, const char *data)
  *  \param[in] septet_len Length of \a rdata
  *  \param[in] padding padding bits at start
  *  \returns number of bytes used in \a result */
-int gsm_septets2octets(uint8_t *result, const uint8_t *rdata, uint8_t septet_len, uint8_t padding)
+int gsm_septet_pack(uint8_t *result, const uint8_t *rdata, size_t septet_len, uint8_t padding)
 {
 	int i = 0, z = 0;
 	uint8_t cb, nb;
@@ -369,6 +369,12 @@ int gsm_septets2octets(uint8_t *result, const uint8_t *rdata, uint8_t septet_len
 	return z;
 }
 
+/*! Backwards compatibility wrapper for gsm_septets_pack(), deprecated. */
+int gsm_septets2octets(uint8_t *result, const uint8_t *rdata, uint8_t septet_len, uint8_t padding)
+{
+	return gsm_septet_pack(result, rdata, septet_len, padding);
+}
+
 /*! GSM 7-bit alphabet TS 03.38 6.2.1 Character packing
  *  \param[out] result Caller-provided output buffer
  *  \param[in] n Maximum length of \a result in bytes
@@ -393,7 +399,7 @@ int gsm_7bit_encode_n(uint8_t *result, size_t n, const char *data, int *octets)
 		y = max_septets;
 	}
 
-	o = gsm_septets2octets(result, rdata, y, 0);
+	o = gsm_septet_pack(result, rdata, y, 0);
 
 	if (octets)
 		*octets = o;
diff --git a/src/gsm/libosmogsm.map b/src/gsm/libosmogsm.map
index c314c207..584d761d 100644
--- a/src/gsm/libosmogsm.map
+++ b/src/gsm/libosmogsm.map
@@ -478,6 +478,7 @@ osmo_dump_gsmtime_c;
 
 gsm_milenage;
 gsm_septet_encode;
+gsm_septet_pack;
 gsm_septets2octets;
 
 lapd_dl_exit;
-- 
cgit v1.2.3