diff --git a/lib/crypt/zuc.c b/lib/crypt/zuc.c index a395edf2c..185c4cbd9 100644 --- a/lib/crypt/zuc.c +++ b/lib/crypt/zuc.c @@ -327,12 +327,18 @@ void zuc_eea3(u8* CK, u32 COUNT, u32 BEARER, u32 DIRECTION, C[i] = M[i] ^ ((z[i/4] >> (3-i%4)*8) & 0xff); } + /* + * Issues #3349 + * Valgrind memcheck: Invalid read & write: Add {}. + */ + /* zero last bits of data in case its length is not word-aligned (32 bits) this is an addition to the C reference code, which did not handle it */ - if (lastbits) + if (lastbits) { i--; C[i] &= 0x100 - (1<length = OGS_NAS_5GS_MOBILE_IDENTITY_SUCI_MIN_SIZE + scheme_output_size; mobile_identity->buffer = ogs_calloc(1, mobile_identity->length); + ogs_assert(mobile_identity->buffer); memcpy(mobile_identity->buffer, mobile_identity_suci, OGS_NAS_5GS_MOBILE_IDENTITY_SUCI_MIN_SIZE); @@ -1047,9 +1048,12 @@ static void test_ue_set_mobile_identity(test_ue_t *test_ue, static void test_ue_set_mobile_identity_imsi(test_ue_t *test_ue) { + int imsi_len = 0; ogs_assert(test_ue); ogs_assert(test_ue->imsi); + imsi_len = strlen(test_ue->imsi); + test_ue->mobile_identity_imsi.odd_even = OGS_NAS_MOBILE_IDENTITY_ODD; test_ue->mobile_identity_imsi.type = OGS_NAS_MOBILE_IDENTITY_IMSI; test_ue->mobile_identity_imsi.digit1 = test_ue->imsi[0] - '0'; @@ -1060,13 +1064,32 @@ static void test_ue_set_mobile_identity_imsi(test_ue_t *test_ue) test_ue->mobile_identity_imsi.digit6 = test_ue->imsi[5] - '0'; test_ue->mobile_identity_imsi.digit7 = test_ue->imsi[6] - '0'; test_ue->mobile_identity_imsi.digit8 = test_ue->imsi[7] - '0'; - test_ue->mobile_identity_imsi.digit9 = test_ue->imsi[8] - '0'; - test_ue->mobile_identity_imsi.digit10 = test_ue->imsi[9] - '0'; - test_ue->mobile_identity_imsi.digit11 = test_ue->imsi[10] - '0'; - test_ue->mobile_identity_imsi.digit12 = test_ue->imsi[11] - '0'; - test_ue->mobile_identity_imsi.digit13 = test_ue->imsi[12] - '0'; - test_ue->mobile_identity_imsi.digit14 = test_ue->imsi[13] - '0'; - test_ue->mobile_identity_imsi.digit15 = test_ue->imsi[14] - '0'; + + /* + * Issue #3349 + * + * Valgrind memcheck: Function test_ue_set_mobile_identity_imsi() uses + * a max 15 digit IMSI. The configuration file slice.yaml.in uses + * a 3 digit MCC & 2 digit MNC. The memcheck tool reports an issue + * for an invalid memory read when a <15 digit IMSI is used + * in test_ue_set_mobile_identity_imsi(). 1 way to fix the issue is + * to use a full 10 digit MSIN here (was using 8 digits). + */ + + if (imsi_len > 8) + test_ue->mobile_identity_imsi.digit9 = test_ue->imsi[8] - '0'; + if (imsi_len > 9) + test_ue->mobile_identity_imsi.digit10 = test_ue->imsi[9] - '0'; + if (imsi_len > 10) + test_ue->mobile_identity_imsi.digit11 = test_ue->imsi[10] - '0'; + if (imsi_len > 11) + test_ue->mobile_identity_imsi.digit12 = test_ue->imsi[11] - '0'; + if (imsi_len > 12) + test_ue->mobile_identity_imsi.digit13 = test_ue->imsi[12] - '0'; + if (imsi_len > 13) + test_ue->mobile_identity_imsi.digit14 = test_ue->imsi[13] - '0'; + if (imsi_len > 14) + test_ue->mobile_identity_imsi.digit15 = test_ue->imsi[14] - '0'; } static void test_ue_set_mobile_identity_imsisv(test_ue_t *test_ue) diff --git a/tests/volte/diameter-rx-path.c b/tests/volte/diameter-rx-path.c index 0b75dc511..a8fcb021c 100644 --- a/tests/volte/diameter-rx-path.c +++ b/tests/volte/diameter-rx-path.c @@ -2122,8 +2122,6 @@ int test_rx_init(void) int ret; struct disp_when data; - test_cx_init(); - /* Install objects definitions for this application */ ret = ogs_diam_rx_init(); ogs_assert(ret == 0);