Review at  https://gerrit.osmocom.org/4690

gtp: Fix buffer overflow in imsi_gtp2str()

The string buffer allocated for the IMSI must be sized for a length
twice the number of input bytes (each byte has two nibbles) plus 1
byte for NUL.  We missed the "twice" part :/

Change-Id: I1ecaa811815ae522af71feabc5d0c1ea8b4edde9
Fixes: Coverity CID#174336
---
M gtp/gtp.c
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/90/4690/1

diff --git a/gtp/gtp.c b/gtp/gtp.c
index 3051aaa..c798192 100644
--- a/gtp/gtp.c
+++ b/gtp/gtp.c
@@ -3301,7 +3301,7 @@
  * _network byte order_ to contain BCD digits ?!? */
 const char *imsi_gtp2str(const uint64_t *imsi)
 {
-       static char buf[sizeof(*imsi)+1];
+       static char buf[sizeof(*imsi)*2+1];
        const uint8_t *imsi8 = (const uint8_t *) imsi;
        unsigned int i, j = 0;
 
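Review bot: the new size on the `static char buf[sizeof(*imsi)*2+1];` line has no comment, so the reasoning (two nibbles per input byte plus one byte for NUL) lives only in the commit message. A one-line comment above the declaration, or a named constant for the maximum digit count, would make it harder for a later edit to drop the `*2` again. The loop that fills `buf` is outside the visible context, so please confirm in the full file that `j` cannot exceed `sizeof(*imsi)*2` at the point where the terminating NUL is stored. Because `buf` is `static`, the returned pointer is overwritten by the next call. The function's comment could say so for callers that keep the result.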

-- 
To view, visit https://gerrit.osmocom.org/4690
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1ecaa811815ae522af71feabc5d0c1ea8b4edde9
Gerrit-PatchSet: 1
Gerrit-Project: osmo-ggsn
Gerrit-Branch: master
Gerrit-Owner: Harald Welte <[email protected]>
