This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Harald Welte gerrit-no-reply at lists.osmocom.orgReview at https://gerrit.osmocom.org/4690 gtp: Fix buffer overflow in imsi_gtp2str() The string buffer allocated for the IMSI must be sized for a length twice the number of input bytes (each byte has two nibbles) plus 1 byte for NUL. We missed the "twice" part :/ Change-Id: I1ecaa811815ae522af71feabc5d0c1ea8b4edde9 Fixes: Coverity CID#174336 --- M gtp/gtp.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/90/4690/1 diff --git a/gtp/gtp.c b/gtp/gtp.c index 3051aaa..c798192 100644 --- a/gtp/gtp.c +++ b/gtp/gtp.c @@ -3301,7 +3301,7 @@ * _network byte order_ to contain BCD digits ?!? */ const char *imsi_gtp2str(const uint64_t *imsi) { - static char buf[sizeof(*imsi)+1]; + static char buf[sizeof(*imsi)*2+1]; const uint8_t *imsi8 = (const uint8_t *) imsi; unsigned int i, j = 0; -- To view, visit https://gerrit.osmocom.org/4690 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I1ecaa811815ae522af71feabc5d0c1ea8b4edde9 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Harald Welte <laforge at gnumonks.org>