fix mgcp_verify_ci(): off-by-one in max len check

MGCP_CONN_ID_MAXLEN actually includes a terminating nul, so we need to compare
strlen() against MGCP_CONN_ID_MAXLEN-1.

Log the length if it is too long.

Add MDCX_TOO_LONG_CI test to mgcp_test.c, testing a conn id of 33 characters.
Before this patch, the test returns error code 515 meaning "not found", while
now it returns 510 meaning "invalid", showing the off-by-one. Same is
illustrated by the error log ("not found" before, "too long" now), but the
error log is not verified by mgcp_test.c.

Change-Id: I8d6cc96be252bb486e94f343a8c7cae641ff9429
This commit is contained in:
Neels Hofmeyr 2018-09-03 22:05:48 +02:00
parent eb72ff058f
commit 5336f57f05
3 changed files with 23 additions and 3 deletions

View File

@ -454,10 +454,10 @@ int mgcp_verify_ci(struct mgcp_endpoint *endp, const char *conn_id)
}
/* Check for over long connection identifiers */
if (strlen(conn_id) > MGCP_CONN_ID_MAXLEN) {
if (strlen(conn_id) > (MGCP_CONN_ID_MAXLEN-1)) {
LOGP(DLMGCP, LOGL_ERROR,
"endpoint:0x%x invalid ConnectionIdentifier (too long) 0x%s\n",
ENDPOINT_NUMBER(endp), conn_id);
"endpoint:0x%x invalid ConnectionIdentifier (too long: %zu > %d) 0x%s\n",
ENDPOINT_NUMBER(endp), strlen(conn_id), MGCP_CONN_ID_MAXLEN-1, conn_id);
return 510;
}

View File

@ -230,6 +230,12 @@ static void test_strline(void)
"I: %s\r\n" \
"L: p:20, a:AMR, nt:IN\r\n"
#define MDCX_TOO_LONG_CI \
"MDCX 18983222 1@mgw MGCP 1.0\r\n" \
"I: 123456789012345678901234567890123\n"
#define MDCX_TOO_LONG_CI_RET "510 18983222 FAIL\r\n"
#define SHORT2 "CRCX 1"
#define SHORT2_RET "510 000000 FAIL\r\n"
#define SHORT3 "CRCX 1 1@mgw"
@ -510,6 +516,7 @@ static const struct mgcp_test tests[] = {
{"DLCX", DLCX, DLCX_RET, PTYPE_IGNORE,.extra_fmtp = "a=fmtp:126 0/1/2"},
{"CRCX", CRCX_NO_LCO_NO_SDP, CRCX_NO_LCO_NO_SDP_RET, 97},
{"CRCX", CRCX_X_OSMO_IGN, CRCX_X_OSMO_IGN_RET, 97},
{"MDCX_TOO_LONG_CI", MDCX_TOO_LONG_CI, MDCX_TOO_LONG_CI_RET},
};
static const struct mgcp_test retransmit[] = {

View File

@ -442,6 +442,19 @@ Response matches our expectations.
(response contains a connection id)
Dummy packets: 2
================================================
Testing MDCX_TOO_LONG_CI
creating message from statically defined input:
---------8<---------
MDCX 18983222 1@mgw MGCP 1.0
I: 123456789012345678901234567890123
---------8<---------
checking response:
using message as statically defined for comparison
Response matches our expectations.
(response does not contain a connection id)
================================================
Testing CRCX
creating message from statically defined input: