Change in osmocom-bb[master]: layer23: Fix possible buffer overflow writing NUL beyond end of string

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Harald Welte gerrit-no-reply at lists.osmocom.org
Sat Aug 11 14:09:14 UTC 2018 

Harald Welte has submitted this change and it was merged. ( https://gerrit.osmocom.org/10436 )

Change subject: layer23: Fix possible buffer overflow writing NUL beyond end of string
......................................................................

layer23: Fix possible buffer overflow writing NUL beyond end of string

settings.c: In function ‘gsm_random_imei’:
settings.c:188:26: warning: ‘sprintf’ may write a terminating nul past the end of the destination [-Wformat-overflow=]
  sprintf(rand + 8, "%07ld", random() % 10000000);
                          ^
settings.c:188:2: note: ‘sprintf’ output between 8 and 9 bytes into a destination of size 8
  sprintf(rand + 8, "%07ld", random() % 10000000);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Change-Id: Id949487111235cd4af5ff068f1dce2f4b0801480
---
M src/host/layer23/src/mobile/settings.c
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Harald Welte: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/src/host/layer23/src/mobile/settings.c b/src/host/layer23/src/mobile/settings.c
index 7137761..a4bb4e3 100644
--- a/src/host/layer23/src/mobile/settings.c
+++ b/src/host/layer23/src/mobile/settings.c
@@ -178,7 +178,7 @@
 int gsm_random_imei(struct gsm_settings *set)
 {
 	int digits = set->imei_random;
-	char rand[16];
+	char rand[16+1];
 
 	if (digits <= 0)
 		return 0;

-- 
To view, visit https://gerrit.osmocom.org/10436
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmocom-bb
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: Id949487111235cd4af5ff068f1dce2f4b0801480
Gerrit-Change-Number: 10436
Gerrit-PatchSet: 3
Gerrit-Owner: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20180811/de20ba7d/attachment.htm>

More information about the gerrit-log mailing list