ussd: Add next test that show that we access the data out of bounds

This test is showing that the internal ASN1 code is not checking
the size properly.

tests/ussd/ussd_test.c

@@ -47,6 +47,23 @@ static int parse_ussd(const uint8_t *_data, int len)
 	return rc;
 }
 
+static int parse_mangle_ussd(const uint8_t *_data, int len)
+{
+	uint8_t *data;
+	int rc;
+	struct ussd_request req;
+	struct gsm48_hdr *hdr;
+
+	data = malloc(len);
+	memcpy(data, _data, len);
+	hdr = (struct gsm48_hdr *) &data[0];
+	hdr->data[1] = len - sizeof(*hdr) - 2;
+	rc = gsm0480_decode_ussd_request(hdr, len, &req);
+	free(data);
+
+	return rc;
+}
+
 int main(int argc, char **argv)
 {
 	const int size = sizeof(ussd_request);
@@ -59,5 +76,11 @@ int main(int argc, char **argv)
 		printf("Result for %d is %d\n", rc, i);
 	}
 
+	printf("Mangling the container now\n");
+	for (i = size; i > sizeof(struct gsm48_hdr) + 2; --i) {
+		int rc = parse_mangle_ussd(&ussd_request[0], i);
+		printf("Result for %d is %d\n", rc, i);
+	}
+
 	return 0;
 }