Harald Welte has uploaded this change for review. ( 
https://gerrit.osmocom.org/10436


Change subject: layer23: Fix possible buffer overflow writing NUL beyond end of 
string
......................................................................

layer23: Fix possible buffer overflow writing NUL beyond end of string

settings.c: In function ‘gsm_random_imei’:
settings.c:188:26: warning: ‘sprintf’ may write a terminating nul past the end 
of the destination [-Wformat-overflow=]
  sprintf(rand + 8, "%07ld", random() % 10000000);
                          ^
settings.c:188:2: note: ‘sprintf’ output between 8 and 9 bytes into a 
destination of size 8
  sprintf(rand + 8, "%07ld", random() % 10000000);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Change-Id: Id949487111235cd4af5ff068f1dce2f4b0801480
---
M src/host/layer23/src/mobile/settings.c
1 file changed, 1 insertion(+), 1 deletion(-)



  git pull ssh://gerrit.osmocom.org:29418/osmocom-bb refs/changes/36/10436/1

diff --git a/src/host/layer23/src/mobile/settings.c 
b/src/host/layer23/src/mobile/settings.c
index 11c7f7b..9783583 100644
--- a/src/host/layer23/src/mobile/settings.c
+++ b/src/host/layer23/src/mobile/settings.c
@@ -177,7 +177,7 @@
 int gsm_random_imei(struct gsm_settings *set)
 {
        int digits = set->imei_random;
-       char rand[16];
+       char rand[16+1];

        if (digits <= 0)
                return 0;

--
To view, visit https://gerrit.osmocom.org/10436
To unsubscribe, or for help writing mail filters, visit 
https://gerrit.osmocom.org/settings

Gerrit-Project: osmocom-bb
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Id949487111235cd4af5ff068f1dce2f4b0801480
Gerrit-Change-Number: 10436
Gerrit-PatchSet: 1
Gerrit-Owner: Harald Welte <lafo...@gnumonks.org>

Reply via email to