This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Harald Welte gerrit-no-reply at lists.osmocom.org Review at https://gerrit.osmocom.org/4695 hlr.c: Avoid overflow of lu_operation.subscr.imsi It appears that hlr_subscriber.imsi is 16 buffers in size: 15 chars for IMSI + 1 byte NUL. However, osmo_gsup_message.imsi is 17 bytes (for whatever reason), so we cannot simply do a strcpy() as this might overflow the hlr_subscriber.imsi field! TODO: check if we actually ever receive a too-long IMSI in GSUP and reject that at an earlier time in the code flow. Fixes: Coverity CID#164746 Change-Id: I9ff94e6bb0ad2ad2a7c010d3ea7dad9af0f3c048 --- M src/hlr.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-hlr refs/changes/95/4695/1 diff --git a/src/hlr.c b/src/hlr.c index 6310526..78a7055 100644 --- a/src/hlr.c +++ b/src/hlr.c @@ -164,7 +164,7 @@ /* check if subscriber is known at all */ if (!lu_op_fill_subscr(luop, g_hlr->dbc, gsup->imsi)) { /* Send Error back: Subscriber Unknown in HLR */ - strcpy(luop->subscr.imsi, gsup->imsi); + osmo_strlcpy(luop->subscr.imsi, gsup->imsi, sizeof(luop->subscr.imsi)); lu_op_tx_error(luop, GMM_CAUSE_IMSI_UNKNOWN); return 0; } -- To view, visit https://gerrit.osmocom.org/4695 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I9ff94e6bb0ad2ad2a7c010d3ea7dad9af0f3c048 Gerrit-PatchSet: 1 Gerrit-Project: osmo-hlr Gerrit-Branch: master Gerrit-Owner: Harald Welte <laforge at gnumonks.org>
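Review bot: In the @@ -164 hunk of src/hlr.c, the new osmo_strlcpy() call bounds the copy but its return value is discarded, so an over-long gsup->imsi is silently truncated and lu_op_tx_error() then sends GMM_CAUSE_IMSI_UNKNOWN for an IMSI that differs from the one received. The same gsup->imsi has already been passed unchecked to lu_op_fill_subscr() in the enclosing if condition, so the length problem is only handled on this error path. Consider validating the IMSI length once, before lu_op_fill_subscr(), and rejecting the message there, as the TODO in the commit message suggests. A short comment at the copy noting the 16 versus 17 byte size mismatch between hlr_subscriber.imsi and osmo_gsup_message.imsi would also help the next reader.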