This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Harald Welte gerrit-no-reply at lists.osmocom.org

Harald Welte has submitted this change and it was merged.
Change subject: gtp: Fix buffer overflow in imsi_gtp2str()
......................................................................
gtp: Fix buffer overflow in imsi_gtp2str()
The string buffer allocated for the IMSI must be sized for a length
twice the number of input bytes (each byte has two nibbles) plus 1
byte for NUL.  We missed the "twice" part :/
Change-Id: I1ecaa811815ae522af71feabc5d0c1ea8b4edde9
Fixes: Coverity CID#174336
---
M gtp/gtp.c
1 file changed, 1 insertion(+), 1 deletion(-)
Approvals:
  Harald Welte: Looks good to me, approved
  Jenkins Builder: Verified
diff --git a/gtp/gtp.c b/gtp/gtp.c
index 3051aaa..c798192 100644
--- a/gtp/gtp.c
+++ b/gtp/gtp.c
@@ -3301,7 +3301,7 @@
  * _network byte order_ to contain BCD digits ?!? */
 const char *imsi_gtp2str(const uint64_t *imsi)
 {
-	static char buf[sizeof(*imsi)+1];
+	static char buf[sizeof(*imsi)*2+1];
 	const uint8_t *imsi8 = (const uint8_t *) imsi;
 	unsigned int i, j = 0;
 
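Review bot: the declaration `static char buf[sizeof(*imsi)*2+1];` carries the two-digits-per-byte rule only as a bare `*2+1`, and nothing at the declaration ties that size to the loop that fills the buffer through `j`. A short comment here (two BCD nibbles per input byte, plus NUL) would make the invariant visible, and a guard on `j` against `sizeof(buf) - 1` in the copy loop, which lies outside this hunk, would keep a future change to either side from reintroducing the overflow. Since `buf` is static and its address is returned, it is also worth noting in the function comment that the result is overwritten by the next call and is not thread-safe.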
-- 
To view, visit https://gerrit.osmocom.org/4690
Gerrit-MessageType: merged
Gerrit-Change-Id: I1ecaa811815ae522af71feabc5d0c1ea8b4edde9
Gerrit-PatchSet: 1
Gerrit-Project: osmo-ggsn
Gerrit-Branch: master
Gerrit-Owner: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder