silent_call: use osmo_strlcpy() instead of strncpy()

If gsm_silent_call_start() is called with an over long string in
traffic_dst_ip, then the target string might be left unterminated. Lets
use osmo_strlcpy() so that we can be sure the result in scd->traffic_ip
is always terminated.

Fixes: CID#196068
Change-Id: Ic81842175e412ae7d97d023b612412f33411d60c
This commit is contained in:
Philipp Maier 2019-03-15 09:43:40 +01:00
parent 935583069d
commit 9286114f6f
1 changed files with 2 additions and 1 deletions

View File

@ -26,6 +26,7 @@
#include <osmocom/core/byteswap.h>
#include <osmocom/core/msgb.h>
#include <osmocom/core/utils.h>
#include <osmocom/msc/signal.h>
#include <osmocom/msc/debug.h>
#include <osmocom/msc/gsm_data.h>
@ -202,7 +203,7 @@ int gsm_silent_call_start(struct vlr_subscr *vsub,
memcpy(&scd->ct, ct, sizeof(scd->ct));
if (traffic_dst_ip) {
strncpy(scd->traffic_ip, traffic_dst_ip, sizeof(scd->traffic_ip));
osmo_strlcpy(scd->traffic_ip, traffic_dst_ip, sizeof(scd->traffic_ip));
scd->traffic_port = traffic_dst_port;
}