mirror of https://gerrit.osmocom.org/libosmocore
bssgp: Fix IMSI buffer size (Coverity)
Currently the size of the IMSI pointer is used instead of the size of
the talloc'ed buffer.
This commit changes the call to gsm48_mi_to_string to use the same
value that has been used with talloc_zero_size(). The length is
changed to 17 since that value is used for GSM_IMSI_LENGTH in
openbsc.
Fixes: Coverity CID 1040663
Sponsored-by: On-Waves ehf
This commit is contained in:
parent
2c58197e5d
commit
c1cb75eff5
|
@ -34,6 +34,8 @@
|
|||
|
||||
#include "common_vty.h"
|
||||
|
||||
#define GSM_IMSI_LENGTH 17
|
||||
|
||||
uint8_t *bssgp_msgb_tlli_put(struct msgb *msg, uint32_t tlli)
|
||||
{
|
||||
uint32_t _tlli = htonl(tlli);
|
||||
|
@ -498,8 +500,8 @@ int bssgp_rx_paging(struct bssgp_paging_info *pinfo,
|
|||
if (!TLVP_PRESENT(&tp, BSSGP_IE_IMSI))
|
||||
goto err_mand_ie;
|
||||
if (!pinfo->imsi)
|
||||
pinfo->imsi = talloc_zero_size(pinfo, 16);
|
||||
gsm48_mi_to_string(pinfo->imsi, sizeof(pinfo->imsi),
|
||||
pinfo->imsi = talloc_zero_size(pinfo, GSM_IMSI_LENGTH);
|
||||
gsm48_mi_to_string(pinfo->imsi, GSM_IMSI_LENGTH,
|
||||
TLVP_VAL(&tp, BSSGP_IE_IMSI),
|
||||
TLVP_LEN(&tp, BSSGP_IE_IMSI));
|
||||
|
||||
|
|
Loading…
Reference in New Issue