openbsc[master]: sgsn: fix problem with leading-zero-IMSIs

Harald Welte gerrit-no-reply at
Tue Feb 28 18:20:57 UTC 2017

Patch Set 1: Code-Review-2

(1 comment)
File openbsc/src/gprs/sgsn_vty.c:

Line 595: 	sprintf(imsi_sanitized,"%015li", atol(argv[1]));
please always use snprintf to ensure we're not overflowing the buffer here.  If a number requires more digits than given in the format string, it will attempt to use more digits, so this is not a sufficient safeguard.

Also, 'atol()' converts to 'long', which may very well be only 32bits depending on the architectures.  And 32bits is only ~ 10 digits. See

atoll() might be more safe, or even strtoull() as it is even unsigned.  But then, it mgih be best to do this all in the 'string' domain to avoid any integer overflow related issues.

To view, visit
To unsubscribe, visit

Gerrit-MessageType: comment
Gerrit-Change-Id: I56ba0da61978bbdce71d0e320166c52b20b42517
Gerrit-PatchSet: 1
Gerrit-Project: openbsc
Gerrit-Branch: master
Gerrit-Owner: dexter <pmaier at>
Gerrit-Reviewer: Harald Welte <laforge at>
Gerrit-Reviewer: Jenkins Builder
Gerrit-HasComments: Yes

More information about the gerrit-log mailing list