From e26ac787d7810fd7a2a07c42faf24b669d93daf3 Mon Sep 17 00:00:00 2001 From: Michael Zillgith Date: Tue, 24 Oct 2017 11:41:25 +0200 Subject: [PATCH] - MMS client: file services -fixed encoding problem with long file names --- .../server_example_password_auth.c | 2 -- src/mms/iso_mms/client/mms_client_files.c | 27 ++++++++----------- src/mms/iso_mms/server/mms_file_service.c | 5 ++++ 3 files changed, 16 insertions(+), 18 deletions(-) diff --git a/examples/server_example_password_auth/server_example_password_auth.c b/examples/server_example_password_auth/server_example_password_auth.c index 2551ac86..92f7aac5 100644 --- a/examples/server_example_password_auth/server_example_password_auth.c +++ b/examples/server_example_password_auth/server_example_password_auth.c @@ -47,8 +47,6 @@ static void printAppTitle(ItuObjectIdentifier* oid) if (i != (oid->arcCount - 1)) printf("."); } - - printf("\n"); } /** diff --git a/src/mms/iso_mms/client/mms_client_files.c b/src/mms/iso_mms/client/mms_client_files.c index 5ac38e36..19cfed83 100644 --- a/src/mms/iso_mms/client/mms_client_files.c +++ b/src/mms/iso_mms/client/mms_client_files.c @@ -202,13 +202,13 @@ mmsClient_createFileOpenRequest(uint32_t invokeId, ByteBuffer* request, const ch uint32_t invokeIdSize = BerEncoder_UInt32determineEncodedSize(invokeId); uint32_t fileNameStringSize = strlen(fileName); - uint32_t fileNameSize = 1+ BerEncoder_determineLengthSize(fileNameStringSize) + fileNameStringSize; + uint32_t fileNameSize = 1 + BerEncoder_determineLengthSize(fileNameStringSize) + fileNameStringSize; uint32_t fileNameSeqSize = fileNameSize; - uint32_t fileOpenRequestSize = fileNameSeqSize + 2 + BerEncoder_UInt32determineEncodedSize(initialPosition) + 2; + uint32_t fileOpenRequestSize = 1 + BerEncoder_determineLengthSize(fileNameSeqSize) + fileNameSeqSize + 2 + BerEncoder_UInt32determineEncodedSize(initialPosition); - uint32_t confirmedRequestPduSize = 1 + 2 + 2 + invokeIdSize + fileOpenRequestSize; + uint32_t confirmedRequestPduSize = 2 + invokeIdSize + 2 + BerEncoder_determineLengthSize(fileOpenRequestSize) + fileOpenRequestSize; int bufPos = 0; uint8_t* buffer = request->buffer; @@ -221,9 +221,10 @@ mmsClient_createFileOpenRequest(uint32_t invokeId, ByteBuffer* request, const ch buffer[bufPos++] = 0xbf; buffer[bufPos++] = 0x48; bufPos = BerEncoder_encodeLength(fileOpenRequestSize, buffer, bufPos); - bufPos = BerEncoder_encodeTL(0xa0, fileNameSeqSize, buffer, bufPos); + bufPos = BerEncoder_encodeTL(0xa0, fileNameSeqSize, buffer, bufPos); bufPos = BerEncoder_encodeOctetString(0x19, (uint8_t*) fileName, fileNameStringSize, buffer, bufPos); + bufPos = BerEncoder_encodeUInt32WithTL(0x81, initialPosition, buffer, bufPos); request->size = bufPos; @@ -237,11 +238,9 @@ mmsClient_createFileDeleteRequest(uint32_t invokeId, ByteBuffer* request, const uint32_t fileNameStringSize = strlen(fileName); uint32_t fileNameSize = 1 + BerEncoder_determineLengthSize(fileNameStringSize) + fileNameStringSize; - uint32_t fileNameSeqSize = fileNameSize; - - uint32_t fileDeleteRequestSize = fileNameSeqSize; // + 2; + uint32_t fileDeleteRequestSize = fileNameSize; - uint32_t confirmedRequestPduSize = 1 + 2 + 2 + invokeIdSize + fileDeleteRequestSize; + uint32_t confirmedRequestPduSize = 1 + 2 + invokeIdSize + 1 + BerEncoder_determineLengthSize(fileDeleteRequestSize) + fileDeleteRequestSize; int bufPos = 0; uint8_t* buffer = request->buffer; @@ -314,7 +313,7 @@ mmsClient_createFileDirectoryRequest(uint32_t invokeId, ByteBuffer* request, con { uint32_t invokeIdSize = BerEncoder_UInt32determineEncodedSize(invokeId); - uint32_t confirmedRequestPduSize = 1 + 2 + 2 + invokeIdSize + 0; + uint32_t confirmedRequestPduSize = 1 + 2 + 1 + invokeIdSize; uint32_t parameterSize = 0; @@ -324,7 +323,7 @@ mmsClient_createFileDirectoryRequest(uint32_t invokeId, ByteBuffer* request, con if (continueAfter) parameterSize += encodeFileSpecification(0xa1, continueAfter, NULL, 0); - confirmedRequestPduSize += parameterSize; + confirmedRequestPduSize += BerEncoder_determineLengthSize(parameterSize) + parameterSize; int bufPos = 0; uint8_t* buffer = request->buffer; @@ -353,15 +352,13 @@ mmsClient_createFileRenameRequest(uint32_t invokeId, ByteBuffer* request, const { uint32_t invokeIdSize = BerEncoder_UInt32determineEncodedSize(invokeId); - uint32_t confirmedRequestPduSize = 1 + 2 + 2 + invokeIdSize; - uint32_t parameterSize = 0; parameterSize += encodeFileSpecification(0xa0, currentFileName, NULL, 0); parameterSize += encodeFileSpecification(0xa1, newFileName, NULL, 0); - confirmedRequestPduSize += parameterSize; + uint32_t confirmedRequestPduSize = 2 + invokeIdSize + 2 + BerEncoder_determineLengthSize(parameterSize) + parameterSize; int bufPos = 0; uint8_t* buffer = request->buffer; @@ -387,15 +384,13 @@ mmsClient_createObtainFileRequest(uint32_t invokeId, ByteBuffer* request, const { uint32_t invokeIdSize = BerEncoder_UInt32determineEncodedSize(invokeId); - uint32_t confirmedRequestPduSize = 1 + 2 + 2 + invokeIdSize; - uint32_t parameterSize = 0; parameterSize += encodeFileSpecification(0xa0, sourceFile, NULL, 0); parameterSize += encodeFileSpecification(0xa1, destinationFile, NULL, 0); - confirmedRequestPduSize += parameterSize; + uint32_t confirmedRequestPduSize = 2 + invokeIdSize + 2 + BerEncoder_determineLengthSize(parameterSize) + parameterSize; int bufPos = 0; uint8_t* buffer = request->buffer; diff --git a/src/mms/iso_mms/server/mms_file_service.c b/src/mms/iso_mms/server/mms_file_service.c index 0bc5dcc8..42feced2 100644 --- a/src/mms/iso_mms/server/mms_file_service.c +++ b/src/mms/iso_mms/server/mms_file_service.c @@ -251,6 +251,11 @@ mmsServer_handleFileDeleteRequest( bufPos = BerDecoder_decodeLength(buffer, &length, bufPos, maxBufPos); + if (length > 255) { + mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_REQUEST_INVALID_ARGUMENT, response); + return; + } + char filename[256]; memcpy(filename, buffer + bufPos, length);