summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHolger Hans Peter Freyther <holger@moiji-mobile.com>2013-07-05 07:50:30 +0200
committerHolger Hans Peter Freyther <holger@moiji-mobile.com>2013-07-05 07:50:30 +0200
commit7346081ba3d181a0386e6d7191131103494cfacb (patch)
tree781b45edad663eb099f08b14758557c1bf3cce73
parent9bec10ecd37f5724d7613967d4bf142444038156 (diff)
nat: number could point to an address on the stack that can be reused
The number = int_number assignment will make the number point to the stack and as the int_number goes out of scope at the end of the if statement other code could re-use this stack for other memory. Fixes: Coverity CID 1042325
-rw-r--r--openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c b/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c
index c9b6f4a91..06071c475 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c
@@ -68,6 +68,7 @@ static char *match_and_rewrite_number(void *ctx, const char *number,
static char *rewrite_isdn_number(struct bsc_nat *nat, void *ctx, const char *imsi,
struct gsm_mncc_number *called)
{
+ char int_number[sizeof(called->number) + 2];
char *number = called->number;
if (llist_empty(&nat->num_rewr))
@@ -79,7 +80,6 @@ static char *rewrite_isdn_number(struct bsc_nat *nat, void *ctx, const char *ims
/* international, prepend */
if (called->type == 1) {
- char int_number[sizeof(called->number) + 2];
int_number[0] = '+';
memcpy(&int_number[1], number, strlen(number) + 1);
number = int_number;