-rw-r--r--src/libmsc/db.c12
-rw-r--r--tests/db_sms/db_sms_test.c3
-rw-r--r--tests/db_sms/db_sms_test.err5
3 files changed, 14 insertions, 6 deletions
diff --git a/src/libmsc/db.c b/src/libmsc/db.c
index b564697f9..add6304d0 100644
--- a/src/libmsc/db.c
+++ b/src/libmsc/db.c
@@ -695,14 +695,20 @@ int db_sms_store(struct gsm_sms *sms)
{
dbi_result result;
char *q_text, *q_daddr, *q_saddr;
- unsigned char *q_udata;
+ unsigned char *q_udata = NULL;
time_t now, validity_timestamp;
dbi_conn_quote_string_copy(conn, (char *)sms->text, &q_text);
dbi_conn_quote_string_copy(conn, (char *)sms->dst.addr, &q_daddr);
dbi_conn_quote_string_copy(conn, (char *)sms->src.addr, &q_saddr);
- dbi_conn_quote_binary_copy(conn, sms->user_data, sms->user_data_len,
- &q_udata);
+
+ /* Guard against zero-length input, as this may cause
+ * buffer overruns in libdbi / libdbdsqlite3. */
+ if (sms->user_data_len > 0) {
+ dbi_conn_quote_binary_copy(conn, sms->user_data,
+ sms->user_data_len,
+ &q_udata);
+ }
now = time(NULL);
validity_timestamp = now + sms->validity_minutes * 60;
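Review bot: With the new guard, `q_udata` stays NULL whenever `sms->user_data_len` is 0, and the code that consumes it lies below this hunk, so the empty path now depends on how the rest of `db_sms_store` treats a NULL pointer. If it is formatted into the query with `%s` (not visible here), a NULL argument is undefined for printf-style formatting and only yields `(null)` by libc convention; an explicit SQL literal is safer, e.g. `const char *udata_sql = q_udata ? (const char *)q_udata : "NULL";` used in place of `q_udata` when building the query. The return value of `dbi_conn_quote_binary_copy()` is also ignored, so a failed quote of non-empty data cannot be told apart from the empty case; checking it and returning an error before the query would keep the two distinct.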
diff --git a/tests/db_sms/db_sms_test.c b/tests/db_sms/db_sms_test.c
index 93aed2b23..a97f7c75a 100644
--- a/tests/db_sms/db_sms_test.c
+++ b/tests/db_sms/db_sms_test.c
@@ -247,8 +247,6 @@ static struct sms_test {
},
.ud = &sms_tp_ud_set[0],
},
-#if 0
- /* FIXME: there is a bug that causes ASAN / Valgrind to complain */
{
.name = "Empty TP-UD",
.sms = {
@@ -267,7 +265,6 @@ static struct sms_test {
},
.ud = NULL,
},
-#endif
};
static void prepare_sms_test_set(void)
diff --git a/tests/db_sms/db_sms_test.err b/tests/db_sms/db_sms_test.err
index 73dbd8ef0..e0a329d32 100644
--- a/tests/db_sms/db_sms_test.err
+++ b/tests/db_sms/db_sms_test.err
@@ -11,6 +11,7 @@ DDB NOTICE test_db_sms_store('Truncated TP-UD (255 octets, 8-bit encoding)'): su
DDB NOTICE test_db_sms_store('Same MSISDN #1'): success, as expected
DDB NOTICE test_db_sms_store('Same MSISDN #2'): success, as expected
DDB NOTICE test_db_sms_store('Expired SMS'): success, as expected
+DDB NOTICE test_db_sms_store('Empty TP-UD'): success, as expected
DDB INFO Testing db_sms_get()...
DDB NOTICE test_db_sms_get('Regular MO SMS'): success, as expected
DDB NOTICE verify_sms('Regular MO SMS'): match
@@ -32,6 +33,8 @@ DDB NOTICE test_db_sms_get('Same MSISDN #2'): success, as expected
DDB NOTICE verify_sms('Same MSISDN #2'): match
DDB NOTICE test_db_sms_get('Expired SMS'): success, as expected
DDB NOTICE verify_sms('Expired SMS'): match
+DDB NOTICE test_db_sms_get('Empty TP-UD'): success, as expected
+DDB NOTICE verify_sms('Empty TP-UD'): match
DDB INFO Testing db_sms_get_next_unsent() and db_sms_mark_delivered()...
DDB NOTICE db_sms_get_next_unsent(#1): found
DDB NOTICE verify_sms('Regular MO SMS'): match
@@ -67,4 +70,6 @@ DDB NOTICE test_db_sms_get('Same MSISDN #1'): failure, as expected
DDB NOTICE test_db_sms_get('Same MSISDN #2'): failure, as expected
DDB NOTICE test_db_sms_get('Expired SMS'): unexpected result
DDB NOTICE verify_sms('Expired SMS'): match
+DDB NOTICE test_db_sms_get('Empty TP-UD'): success, as expected
+DDB NOTICE verify_sms('Empty TP-UD'): match
full talloc report on 'null_context' (total 0 bytes in 1 blocks)