bssgp: Fix IMSI buffer size (Coverity)

Currently the size of the IMSI pointer is used instead of the size of
the talloc'ed buffer.

This commit changes the call to gsm48_mi_to_string to use the same
value that has been used with talloc_zero_size(). The length is
changed to 17 since that value is used for GSM_IMSI_LENGTH in
openbsc.

Fixes: Coverity CID 1040663
Sponsored-by: On-Waves ehf
Jacob Erlbeck 2015-06-18 13:21:30 +02:00 committed by Holger Hans Peter Freyther
parent 2c58197e5d
commit c1cb75eff5
1 changed files with 4 additions and 2 deletions

@ -34,6 +34,8 @@
#include "common_vty.h"
#define GSM_IMSI_LENGTH 17
uint8_t *bssgp_msgb_tlli_put(struct msgb *msg, uint32_t tlli)
{
uint32_t _tlli = htonl(tlli);
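Review bot: the `#define GSM_IMSI_LENGTH 17` added after the `common_vty.h` include carries no comment and no guard, although the commit message says the same name and value already exist in openbsc. Suggest a one-line comment stating what the 17 bytes cover and that the value mirrors openbsc, plus an `#ifndef GSM_IMSI_LENGTH` wrapper or a library-prefixed name, so the two definitions cannot conflict or drift apart.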
@ -498,8 +500,8 @@ int bssgp_rx_paging(struct bssgp_paging_info *pinfo,
if (!TLVP_PRESENT(&tp, BSSGP_IE_IMSI))
goto err_mand_ie;
if (!pinfo->imsi)
pinfo->imsi = talloc_zero_size(pinfo, 16);
gsm48_mi_to_string(pinfo->imsi, sizeof(pinfo->imsi),
pinfo->imsi = talloc_zero_size(pinfo, GSM_IMSI_LENGTH);
gsm48_mi_to_string(pinfo->imsi, GSM_IMSI_LENGTH,
TLVP_VAL(&tp, BSSGP_IE_IMSI),
TLVP_LEN(&tp, BSSGP_IE_IMSI));
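Review bot: in `bssgp_rx_paging`, the `gsm48_mi_to_string` call now passes `GSM_IMSI_LENGTH` as the buffer length even when `pinfo->imsi` was already set on entry (the `if (!pinfo->imsi)` has no braces, so only the allocation is conditional). A buffer supplied by the caller that is shorter than 17 bytes would then be described as larger than it is. Either document that a pre-set `pinfo->imsi` must hold at least `GSM_IMSI_LENGTH` bytes, or always allocate it here. The return value of `talloc_zero_size()` is also passed on without a NULL check in the visible lines; a check before the `gsm48_mi_to_string` call would be worth adding.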