pespin has uploaded this change for review. (
https://gerrit.osmocom.org/c/osmo-mgw/+/28483 )
Change subject: mgcp-client: Avoid string not null terminated access
......................................................................
mgcp-client: Avoid string not null terminated access
>> CID 272990: Memory - illegal accesses
(STRING_NULL)
>> Passing unterminated string "msg->data" to
"mgcp_client_rx", which expects a null-terminated string.
736
ret = mgcp_client_rx(mgcp, msg);
mgcp_response_parse_head() will do:
"""
r->body = (char *)msg->data;
if (sscanf(r->body, "%3d %u %n", ...
"""
Fixes: Coverity CID#272990
Change-Id: Icb61a22f6dfd6267e469dc3e607e7d634b7d4685
---
M src/libosmo-mgcp-client/mgcp_client.c
1 file changed, 3 insertions(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-mgw refs/changes/83/28483/1
diff --git a/src/libosmo-mgcp-client/mgcp_client.c
b/src/libosmo-mgcp-client/mgcp_client.c
index 77de23f..8a04b75 100644
--- a/src/libosmo-mgcp-client/mgcp_client.c
+++ b/src/libosmo-mgcp-client/mgcp_client.c
@@ -719,7 +719,7 @@
return -1;
}
- ret = read(fd->fd, msg->data, 4096 - 128);
+ ret = read(fd->fd, msg->data, (4096 - 1) - 128);
if (ret <= 0) {
LOGPMGW(mgcp, LOGL_ERROR, "Failed to read: %s: %d='%s'\n",
osmo_sock_get_name2(fd->fd), errno, strerror(errno));
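Review bot: The new read length `(4096 - 1) - 128` adds a third bare literal to an expression that already had two, and nothing in this hunk ties any of them to the size the msgb was allocated with. If the allocation changes, the byte reserved here for the terminator silently disappears. Consider deriving the length from the buffer itself, for example `msgb_tailroom(msg) - 1`, or at least naming the constants and sharing them with the allocation call. The `- 1` should also carry a short comment saying it reserves room for the trailing '\0' written further down.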
@@ -729,6 +729,8 @@
}
msg->l2h = msgb_put(msg, ret);
+ /* EOS char to avoid out-of-buf str access, not part of the msg: */
+ *msg->tail = '\0';
ret = mgcp_client_rx(mgcp, msg);
talloc_free(msg);
return ret;
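Review bot: The store `*msg->tail = '\0';` is only in bounds because the read() in the previous hunk was shortened by one byte, and that coupling is implicit. A later change to the read length or the allocation would turn this line into a one-byte write past the buffer. An explicit check before the store, such as asserting `msgb_tailroom(msg) >= 1`, would make the dependency visible and fail loudly. Note also that the terminator only bounds string functions at the end of the received data. A NUL byte inside the datagram still makes the parser see a shorter string than `ret` bytes, so if that matters for `mgcp_client_rx()` it needs its own check.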
--
To view, visit
https://gerrit.osmocom.org/c/osmo-mgw/+/28483
Gerrit-Project: osmo-mgw
Gerrit-Branch: master
Gerrit-Change-Id: Icb61a22f6dfd6267e469dc3e607e7d634b7d4685
Gerrit-Change-Number: 28483
Gerrit-PatchSet: 1
Gerrit-Owner: pespin <pespin(a)sysmocom.de>
Gerrit-MessageType: newchange