Harald Welte has submitted this change and it was merged. ( 
https://gerrit.osmocom.org/10436 )

Change subject: layer23: Fix possible buffer overflow writing NUL beyond end of 
string
......................................................................

layer23: Fix possible buffer overflow writing NUL beyond end of string

settings.c: In function ‘gsm_random_imei’:
settings.c:188:26: warning: ‘sprintf’ may write a terminating nul past the end 
of the destination [-Wformat-overflow=]
  sprintf(rand + 8, "%07ld", random() % 10000000);
                          ^
settings.c:188:2: note: ‘sprintf’ output between 8 and 9 bytes into a 
destination of size 8
  sprintf(rand + 8, "%07ld", random() % 10000000);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Change-Id: Id949487111235cd4af5ff068f1dce2f4b0801480
---
M src/host/layer23/src/mobile/settings.c
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Harald Welte: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/src/host/layer23/src/mobile/settings.c 
b/src/host/layer23/src/mobile/settings.c
index 7137761..a4bb4e3 100644
--- a/src/host/layer23/src/mobile/settings.c
+++ b/src/host/layer23/src/mobile/settings.c
@@ -178,7 +178,7 @@
 int gsm_random_imei(struct gsm_settings *set)
 {
        int digits = set->imei_random;
-       char rand[16];
+       char rand[16+1];

        if (digits <= 0)
                return 0;

--
To view, visit https://gerrit.osmocom.org/10436
To unsubscribe, or for help writing mail filters, visit 
https://gerrit.osmocom.org/settings

Gerrit-Project: osmocom-bb
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: Id949487111235cd4af5ff068f1dce2f4b0801480
Gerrit-Change-Number: 10436
Gerrit-PatchSet: 3
Gerrit-Owner: Harald Welte <lafo...@gnumonks.org>
Gerrit-Reviewer: Harald Welte <lafo...@gnumonks.org>
Gerrit-Reviewer: Jenkins Builder

Reply via email to