nitb: Check source string length before calling strncpy (Coverity)
Currently some VTY commands neither check the length of the source string before calling strncpy nor ensure NUL-termination afterwards. This can lead to destination string buffers whose contents are not NUL-terminated. This commit adds checks and corresponding warnings to the VTY commands "subscriber TYPE ID name .NAME" and "subscriber TYPE ID extension EXTENSION". Fixes: Coverity CID 1206570, 1206569 Sponsored-by: On-Waves ehf
parent
5b51205187
commit
322b1499cd
|
@ -548,6 +548,13 @@ DEFUN(ena_subscr_name,
|
|||
return CMD_WARNING;
|
||||
}
|
||||
|
||||
if (strlen(name) > sizeof(subscr->name)-1) {
|
||||
vty_out(vty,
|
||||
"%% NAME is too long, max. %d characters are allowed%s",
|
||||
sizeof(subscr->name)-1, VTY_NEWLINE);
|
||||
return CMD_WARNING;
|
||||
}
|
||||
|
||||
strncpy(subscr->name, name, sizeof(subscr->name));
|
||||
talloc_free(name);
|
||||
db_sync_subscriber(subscr);
|
||||
|
@ -574,6 +581,13 @@ DEFUN(ena_subscr_extension,
|
|||
return CMD_WARNING;
|
||||
}
|
||||
|
||||
if (strlen(ext) > sizeof(subscr->extension)-1) {
|
||||
vty_out(vty,
|
||||
"%% EXTENSION is too long, max. %d characters are allowed%s",
|
||||
sizeof(subscr->extension)-1, VTY_NEWLINE);
|
||||
return CMD_WARNING;
|
||||
}
|
||||
|
||||
strncpy(subscr->extension, ext, sizeof(subscr->extension));
|
||||
db_sync_subscriber(subscr);
|
||||
|
||||
|
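Review bot: The new early return in the NAME length check of ena_subscr_name leaves `name` allocated: the unchanged path releases it with `talloc_free(name);` right after the strncpy, but the rejected-input branch returns before that line, so each over-long name entered on the VTY leaks one allocation. Add `talloc_free(name);` before the `return CMD_WARNING;` in that branch. If the function also holds a subscriber reference that is released after the hunk, that release presumably belongs in both new branches as well; both function bodies start and end outside the hunks, so this needs checking against the full file. Separately, both new vty_out calls pass `sizeof(...)-1`, which is a size_t, to a `%d` conversion; use `%zu` or cast the argument to `int`.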
|
|
@ -286,6 +286,32 @@ class TestVTYNITB(TestVTYGenericBSC):
|
|||
res = self.vty.command('show subscriber imsi '+imsi)
|
||||
self.assert_(res != '% No subscriber found for imsi '+imsi)
|
||||
|
||||
def testSubscriberSettings(self):
|
||||
self.vty.enable()
|
||||
|
||||
imsi = "204300854013739"
|
||||
wrong_imsi = "204300999999999"
|
||||
|
||||
# Lets create one
|
||||
res = self.vty.command('subscriber create imsi '+imsi)
|
||||
self.assert_(res.find(" IMSI: "+imsi) > 0)
|
||||
|
||||
self.vty.verify('subscriber imsi '+wrong_imsi+' name wrong', ['% No subscriber found for imsi '+wrong_imsi])
|
||||
res = self.vty.command('subscriber imsi '+imsi+' name '+('X' * 160))
|
||||
self.assert_(res.find("NAME is too long") > 0)
|
||||
|
||||
self.vty.verify('subscriber imsi '+imsi+' name '+('G' * 159), [''])
|
||||
|
||||
self.vty.verify('subscriber imsi '+wrong_imsi+' extension 840', ['% No subscriber found for imsi '+wrong_imsi])
|
||||
res = self.vty.command('subscriber imsi '+imsi+' extension '+('9' * 15))
|
||||
self.assert_(res.find("EXTENSION is too long") > 0)
|
||||
|
||||
self.vty.verify('subscriber imsi '+imsi+' extension '+('1' * 14), [''])
|
||||
|
||||
# Delete it
|
||||
res = self.vty.command('subscriber delete imsi '+imsi)
|
||||
self.assert_(res != "")
|
||||
|
||||
def testShowPagingGroup(self):
|
||||
res = self.vty.command("show paging-group 255 1234567")
|
||||
self.assertEqual(res, "% can't find BTS 255")
|
||||
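Review bot: The boundary lengths in testSubscriberSettings (160/159 for the name, 15/14 for the extension) are bare literals that presumably mirror the sizes of `subscr->name` and `subscr->extension` on the C side, so a change to either buffer would break the test or quietly stop it exercising the boundary. A comment above each pair, e.g. `# longest accepted NAME is 159 chars (buffer size minus NUL); 160 must be rejected`, would tie the numbers to the limit they test. The checks `res.find("NAME is too long") > 0` and `res.find("EXTENSION is too long") > 0` pass only because the reply begins with "% "; `self.assert_("NAME is too long" in res)` states the intent without depending on the offset. The test also only confirms that maximum-length values are accepted silently; reading the subscriber back with `show subscriber imsi` would confirm the value was stored intact.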
|
|