[PATCH] openbsc[master]: fix strncpy() invocation in vty_interface_layer3.c and 3 tests

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Neels Hofmeyr gerrit-no-reply at lists.osmocom.org
Fri Jan 13 02:15:24 UTC 2017 

Review at  https://gerrit.osmocom.org/1589

fix strncpy() invocation in vty_interface_layer3.c and 3 tests

Use strncpy0s() to fix unsafe invocation of strncpy(), which potentially leaves
the result unterminated.

Change-Id: I1a119b1760a3e3262538b4b012d476fdce505482
---
M openbsc/src/libcommon/gsup_test_client.c
M openbsc/src/libmsc/vty_interface_layer3.c
M openbsc/tests/mgcp/mgcp_test.c
M openbsc/tests/sgsn/sgsn_test.c
4 files changed, 10 insertions(+), 6 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/openbsc refs/changes/89/1589/1

diff --git a/openbsc/src/libcommon/gsup_test_client.c b/openbsc/src/libcommon/gsup_test_client.c
index 1889c6f..6af5fef 100644
--- a/openbsc/src/libcommon/gsup_test_client.c
+++ b/openbsc/src/libcommon/gsup_test_client.c
@@ -11,6 +11,7 @@
 
 #include <openbsc/gsup_client.h>
 #include <openbsc/debug.h>
+#include <openbsc/strncpy0.h>
 
 static struct gsup_client *g_gc;
 
@@ -108,7 +109,7 @@
 	struct osmo_gsup_message gsup = {0};
 	struct msgb *msg = msgb_alloc_headroom(1200, 200, __func__);
 
-	strncpy(gsup.imsi, io->imsi, sizeof(gsup.imsi));
+	strncpy0s(gsup.imsi, io->imsi);
 	gsup.message_type = OSMO_GSUP_MSGT_SEND_AUTH_INFO_REQUEST;
 
 	osmo_gsup_encode(msg, &gsup);
@@ -123,7 +124,7 @@
 	struct osmo_gsup_message gsup = {0};
 	struct msgb *msg = msgb_alloc_headroom(1200, 200, __func__);
 
-	strncpy(gsup.imsi, io->imsi, sizeof(gsup.imsi));
+	strncpy0s(gsup.imsi, io->imsi);
 	gsup.message_type = OSMO_GSUP_MSGT_UPDATE_LOCATION_REQUEST;
 
 	osmo_gsup_encode(msg, &gsup);
@@ -136,7 +137,7 @@
 	struct osmo_gsup_message gsup = {0};
 	struct msgb *msg = msgb_alloc_headroom(1200, 200, __func__);
 
-	strncpy(gsup.imsi, io->imsi, sizeof(gsup.imsi));
+	strncpy0s(gsup.imsi, io->imsi);
 	gsup.message_type = OSMO_GSUP_MSGT_INSERT_DATA_RESULT;
 
 	osmo_gsup_encode(msg, &gsup);
diff --git a/openbsc/src/libmsc/vty_interface_layer3.c b/openbsc/src/libmsc/vty_interface_layer3.c
index edece51..a02f70c 100644
--- a/openbsc/src/libmsc/vty_interface_layer3.c
+++ b/openbsc/src/libmsc/vty_interface_layer3.c
@@ -50,6 +50,7 @@
 #include <openbsc/sms_queue.h>
 #include <openbsc/mncc_int.h>
 #include <openbsc/handover.h>
+#include <openbsc/strncpy0.h>
 
 #include <osmocom/vty/logging.h>
 
@@ -601,7 +602,7 @@
 		return CMD_WARNING;
 	}
 
-	strncpy(subscr->extension, ext, sizeof(subscr->extension));
+	strncpy0s(subscr->extension, ext);
 	db_sync_subscriber(subscr);
 
 	subscr_put(subscr);
diff --git a/openbsc/tests/mgcp/mgcp_test.c b/openbsc/tests/mgcp/mgcp_test.c
index e2dc8fa..f278a4e 100644
--- a/openbsc/tests/mgcp/mgcp_test.c
+++ b/openbsc/tests/mgcp/mgcp_test.c
@@ -22,6 +22,7 @@
 #include <openbsc/mgcp.h>
 #include <openbsc/vty.h>
 #include <openbsc/mgcp_internal.h>
+#include <openbsc/strncpy0.h>
 
 #include <osmocom/core/application.h>
 #include <osmocom/core/talloc.h>
@@ -54,7 +55,7 @@
 	char buf[2048];
 	int counter = 0;
 
-	strncpy(buf, strline_test_data, sizeof(buf));
+	strncpy0s(buf, strline_test_data);
 
 	for (line = strline_r(buf, &save); line;
 	     line = strline_r(NULL, &save)) {
diff --git a/openbsc/tests/sgsn/sgsn_test.c b/openbsc/tests/sgsn/sgsn_test.c
index b4bcaf6..a12aaf8 100644
--- a/openbsc/tests/sgsn/sgsn_test.c
+++ b/openbsc/tests/sgsn/sgsn_test.c
@@ -28,6 +28,7 @@
 #include <openbsc/gsup_client.h>
 #include <openbsc/gprs_utils.h>
 #include <openbsc/gprs_gb_parse.h>
+#include <openbsc/strncpy0.h>
 
 #include <osmocom/gprs/gprs_bssgp.h>
 
@@ -1292,7 +1293,7 @@
 	rc = osmo_gsup_decode(msgb_data(msg), msgb_length(msg), &to_peer);
 	OSMO_ASSERT(rc >= 0);
 	OSMO_ASSERT(to_peer.imsi[0] != 0);
-	strncpy(from_peer.imsi, to_peer.imsi, sizeof(from_peer.imsi));
+	strncpy0s(from_peer.imsi, to_peer.imsi);
 
 	/* This invalidates the pointers in to_peer */
 	msgb_free(msg);

-- 
To view, visit https://gerrit.osmocom.org/1589
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1a119b1760a3e3262538b4b012d476fdce505482
Gerrit-PatchSet: 1
Gerrit-Project: openbsc
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>

More information about the gerrit-log mailing list