-rw-r--r-- | src/libmsc/db.c | 12 | ||||
-rw-r--r-- | tests/db_sms/db_sms_test.c | 3 | ||||
-rw-r--r-- | tests/db_sms/db_sms_test.err | 5 |
3 files changed, 14 insertions, 6 deletions
diff --git a/src/libmsc/db.c b/src/libmsc/db.c
index b564697f9..add6304d0 100644
--- a/src/libmsc/db.c
+++ b/src/libmsc/db.c
@@ -695,14 +695,20 @@ int db_sms_store(struct gsm_sms *sms)
 {
 dbi_result result;
 char *q_text, *q_daddr, *q_saddr;
- unsigned char *q_udata;
+ unsigned char *q_udata = NULL;
 time_t now, validity_timestamp;
 dbi_conn_quote_string_copy(conn, (char *)sms->text, &q_text);
 dbi_conn_quote_string_copy(conn, (char *)sms->dst.addr, &q_daddr);
 dbi_conn_quote_string_copy(conn, (char *)sms->src.addr, &q_saddr);
- dbi_conn_quote_binary_copy(conn, sms->user_data, sms->user_data_len,
- &q_udata);
+
+ /* Guard against zero-length input, as this may cause
+ * buffer overruns in libdbi / libdbdsqlite3. */
+ if (sms->user_data_len > 0) {
+ dbi_conn_quote_binary_copy(conn, sms->user_data,
+ sms->user_data_len,
+ &q_udata);
+ }
 now = time(NULL);
 validity_timestamp = now + sms->validity_minutes * 60;
diff --git a/tests/db_sms/db_sms_test.c b/tests/db_sms/db_sms_test.c
index 93aed2b23..a97f7c75a 100644
--- a/tests/db_sms/db_sms_test.c
+++ b/tests/db_sms/db_sms_test.c
@@ -247,8 +247,6 @@ static struct sms_test {
 },
 .ud = &sms_tp_ud_set[0],
 },
-#if 0
- /* FIXME: there is a bug that causes ASAN / Valgrind to complain */
 {
 .name = "Empty TP-UD",
 .sms = {
@@ -267,7 +265,6 @@ static struct sms_test {
 },
 .ud = NULL,
 },
-#endif
 };
 static void prepare_sms_test_set(void)
diff --git a/tests/db_sms/db_sms_test.err b/tests/db_sms/db_sms_test.err
index 73dbd8ef0..e0a329d32 100644
--- a/tests/db_sms/db_sms_test.err
+++ b/tests/db_sms/db_sms_test.err
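Review bot: `q_udata` is left NULL on the new empty-input path in `db_sms_store()`, and also whenever `dbi_conn_quote_binary_copy()` fails, because its return value (0 on error) is still ignored. The function body continues outside this hunk, so how the pointer is consumed is not visible here. If it is later handed to a printf-style `%s` when the INSERT is built, a NULL argument is undefined behaviour in C and only happens to print `(null)` on some libcs, which would make the stored value platform-dependent. An explicit `else` branch that assigns a heap-allocated SQL literal, for example `else q_udata = (unsigned char *)strdup("NULL");`, would make the empty case deterministic; this assumes the pointer is later released with `free()` and that the column accepts NULL. Checking the quote call's result and returning an error on 0 would cover the failure path as well.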
@@ -11,6 +11,7 @@ DDB NOTICE test_db_sms_store('Truncated TP-UD (255 octets, 8-bit encoding)'): su
 DDB NOTICE test_db_sms_store('Same MSISDN #1'): success, as expected
 DDB NOTICE test_db_sms_store('Same MSISDN #2'): success, as expected
 DDB NOTICE test_db_sms_store('Expired SMS'): success, as expected
+DDB NOTICE test_db_sms_store('Empty TP-UD'): success, as expected
 DDB INFO Testing db_sms_get()...
 DDB NOTICE test_db_sms_get('Regular MO SMS'): success, as expected
 DDB NOTICE verify_sms('Regular MO SMS'): match
@@ -32,6 +33,8 @@ DDB NOTICE test_db_sms_get('Same MSISDN #2'): success, as expected
 DDB NOTICE verify_sms('Same MSISDN #2'): match
 DDB NOTICE test_db_sms_get('Expired SMS'): success, as expected
 DDB NOTICE verify_sms('Expired SMS'): match
+DDB NOTICE test_db_sms_get('Empty TP-UD'): success, as expected
+DDB NOTICE verify_sms('Empty TP-UD'): match
 DDB INFO Testing db_sms_get_next_unsent() and db_sms_mark_delivered()...
 DDB NOTICE db_sms_get_next_unsent(#1): found
 DDB NOTICE verify_sms('Regular MO SMS'): match
@@ -67,4 +70,6 @@ DDB NOTICE test_db_sms_get('Same MSISDN #1'): failure, as expected
 DDB NOTICE test_db_sms_get('Same MSISDN #2'): failure, as expected
 DDB NOTICE test_db_sms_get('Expired SMS'): unexpected result
 DDB NOTICE verify_sms('Expired SMS'): match
+DDB NOTICE test_db_sms_get('Empty TP-UD'): success, as expected
+DDB NOTICE verify_sms('Empty TP-UD'): match
 full talloc report on 'null_context' (total 0 bytes in 1 blocks) |