gnokii-users

AT sms reading broken


From: Pavel Machek
Subject: AT sms reading broken
Date: Fri, 13 Sep 2002 23:23:21 +0200
User-agent: Mutt/1.4i

Hi!

There's something wrong with atgen.c message reading:

First it seems very unlikely that we want UDHIndicator = MoreMessages
= ReportStatus, but the code in CVS does just that.

Next, it sometimes goes out of sync (like getting command echo instead
of reply, or getting unexpected okay), and gnokii segfaults if sms_len
is too small. I can reliably trigger that fprintf() by --getsms ME 1
10 on Siemens.
                                                                Pavel


@@ -1022,13 +1023,12 @@
        if (!data->RawSMS) return GE_INTERNALERROR;

        sms_len = strlen(buf.line3) / 2;
-       tmp = calloc(sms_len, 1);
        dprintf("%s\n", buf.line3);
        hex2bin(tmp, buf.line3, sms_len);
        memcpy(data->RawSMS->MessageCenter, tmp, tmp[offset] + 1);
        offset += tmp[offset] + 1;
        data->RawSMS->Type             = tmp[offset] & 0x03;
-       data->RawSMS->UDHIndicator     = tmp[offset];
+       data->RawSMS->UDHIndicator     = tmp[offset];           /* FIXME: This 
very likely needs some & 0x?? */
        data->RawSMS->MoreMessages     = tmp[offset];
        data->RawSMS->ReportStatus     = tmp[offset];
        l = (tmp[offset + 1] % 2) ? tmp[offset + 1] + 1 : tmp[offset + 1] ;
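
Review bot: With `tmp = calloc(sms_len, 1);` removed, nothing visible in this hunk gives `tmp` storage before `hex2bin(tmp, buf.line3, sms_len)` writes `sms_len` bytes into it. If `tmp` is now a fixed-size buffer declared above the hunk, `sms_len` has to be checked against that size before the `hex2bin` call, because `buf.line3` comes from the phone. The same goes for `tmp[offset] + 1` in the `memcpy` into `MessageCenter`: it is a length octet taken from the reply and is used without a check against `sms_len` or the destination size. On the FIXME: assuming this is an SMS-DELIVER PDU, the first-octet flags are single bits (TP-MMS 0x04, TP-SRI 0x20, TP-UDHI 0x40), so `MoreMessages` and `ReportStatus` need masks too, not only `UDHIndicator`.
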
@@ -1043,8 +1043,11 @@
        data->RawSMS->DCS              = tmp[offset + 2];
        memcpy(data->RawSMS->SMSCTime, tmp + offset + 3, 7);
        data->RawSMS->Length           = tmp[offset + 10] & 0x00ff;
+       if (sms_len - offset - 11 > 1000) {
+               fprintf(stderr, "Phone gave as poisonous (too short?) reply %s, 
either phone went crazy or communication went o\ut of sync\n", buf.line3);
+               return GE_INTERNALERROR;
+       }

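Review bot: The new length check runs after `tmp[offset + 2]`, the 7 bytes at `tmp + offset + 3` and `tmp[offset + 10]` have already been read, so a short reply is still read past `sms_len` before it is rejected. Move the test above those reads and state it directly, for example `if (sms_len < offset + 11)`, rather than `sms_len - offset - 11 > 1000`, which only catches the underflow if the operands are unsigned (their types are not visible here) and leaves 1000 as an unexplained magic number. The message text also has typos: "gave as" should be "gave us", and `o\ut` contains a stray backslash.
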

-- 
Worst form of spam? Adding advertisement signatures ala sourceforge.net.
What goes next? Inserting advertisement *into* email?
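
A bounds-checked way to read the start of the reply discussed in this message, as an added example that is not part of the original post or of gnokii's code: it rejects lines that are not pure hex (command echo, a stray OK) and checks the length before each read. The struct, function names and sample line are hypothetical, and the bit positions assume an SMS-DELIVER PDU as laid out in 3GPP TS 23.040.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical result struct; the field names are this example's, not gnokii's. */
struct deliver_hdr {
	unsigned type, more_messages, report_status, udh_indicator;
	size_t oa_offset;	/* index of the originating-address length octet */
};
const char SAMPLE_LINE[] = "029121440B";	/* constructed reply, not from a phone */

static int hexval(int c)
{
	if (c >= '0' && c <= '9') return c - '0';
	c = tolower(c);
	return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode a hex reply line into out[]. Returns the byte count, or -1 when the
 * line is empty, odd-length, too long, or not pure hex (command echo, "OK"). */
static long hex_to_bytes(const char *line, unsigned char *out, size_t cap)
{
	size_t n = strlen(line), i;
	if (n == 0 || n % 2 || n / 2 > cap) return -1;
	for (i = 0; i < n; i += 2) {
		int hi = hexval((unsigned char)line[i]);
		int lo = hexval((unsigned char)line[i + 1]);
		if (hi < 0 || lo < 0) return -1;
		out[i / 2] = (unsigned char)(hi << 4 | lo);
	}
	return (long)(n / 2);
}

/* Returns 0 on success, -1 when the reply is malformed or too short. */
int parse_deliver_header(const char *line, struct deliver_hdr *h)
{
	unsigned char pdu[256];
	long len = hex_to_bytes(line, pdu, sizeof pdu);
	size_t off;

	if (len < 1) return -1;
	off = (size_t)pdu[0] + 1;	/* skip SMSC length octet and SMSC address */
	if (off + 1 >= (size_t)len) return -1;	/* first octet and OA length must exist */
	h->type          = pdu[off] & 0x03;		/* TP-MTI, bits 0-1 */
	h->more_messages = (pdu[off] >> 2) & 1;	/* TP-MMS, bit 2 */
	h->report_status = (pdu[off] >> 5) & 1;	/* TP-SRI, bit 5 */
	h->udh_indicator = (pdu[off] >> 6) & 1;	/* TP-UDHI, bit 6 */
	h->oa_offset = off + 1;
	return 0;
}
```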



