[PATCH] osmo-msc[master]: smpp_smsc: fix truncated string copy into bind_r.system_id

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Neels Hofmeyr gerrit-no-reply at lists.osmocom.org
Mon Dec 18 03:18:53 UTC 2017


Review at  https://gerrit.osmocom.org/5471

smpp_smsc: fix truncated string copy into bind_r.system_id

The target buffer in libsmpp is 16 bytes long, and snprintf() may omit the
terminating zero. There seems to be no handling for unterminated strings, so
osmo_strlcpy() is the safer (and presumably more optimal) choice.

Change-Id: I5845666201f945ea9f83da62f2dd4bec52eb74cf
---
M src/libmsc/smpp_smsc.c
1 file changed, 1 insertion(+), 2 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/71/5471/1

diff --git a/src/libmsc/smpp_smsc.c b/src/libmsc/smpp_smsc.c
index 88cecfc..34b93f8 100644
--- a/src/libmsc/smpp_smsc.c
+++ b/src/libmsc/smpp_smsc.c
@@ -509,8 +509,7 @@
 	bind_r.command_status = rc;
 
 	/* build response */
-	snprintf((char *)bind_r.system_id, sizeof(bind_r.system_id), "%s",
-		 esme->smsc->system_id);
+	osmo_strlcpy((char*)bind_r.system_id, esme->smsc->system_id, sizeof(bind_r.system_id));
 
 	/* add interface version TLV */
 	tlv.tag = TLVID_sc_interface_version;

-- 
To view, visit https://gerrit.osmocom.org/5471
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5845666201f945ea9f83da62f2dd4bec52eb74cf
Gerrit-PatchSet: 1
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>



More information about the gerrit-log mailing list