summaryrefslogtreecommitdiffstats
path: root/openbsc/src/osmo-bsc_nat
diff options
context:
space:
mode:
authorJacob Erlbeck <jerlbeck@sysmocom.de>2015-04-09 14:47:18 +0200
committerHolger Hans Peter Freyther <holger@moiji-mobile.com>2015-04-10 08:47:00 +0200
commit7ffa7b095fbea0f7f52a4179402edb04249c60d0 (patch)
tree377e1255069dcf51c96e81bf282a303eb7ab73f1 /openbsc/src/osmo-bsc_nat
parent322b1499cd4d34b0148a15cb615ad6dff8203ed2 (diff)
nitb: Fix IMSI/IMEI buffer handling (Coverity)
Currently the handling of the buffers is not done consistently. Some code assumes that the whole buffer may be used to store the string while at other places, the last buffer byte is left untouched in the assumption that it contains a terminating NUL-character. The latter is the correct behaviour. This commit changes to code to not touch the last byte in the buffers and to rely on the last byte being NUL. So the maximum IMSI/IMEI length is GSM_IMSI_LENGTH-1/GSM_IMEI_LENGTH-1. For information: We assume that we allocate the structure with talloc_zero. This means we have NULed the entire imsi array and then only write sizeof - 1 characters to it. So the last byte remains NUL. Fixes: Coverity CID 1206568, 1206567 Sponsored-by: On-Waves ehf
Diffstat (limited to 'openbsc/src/osmo-bsc_nat')
-rw-r--r--openbsc/src/osmo-bsc_nat/bsc_ussd.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/openbsc/src/osmo-bsc_nat/bsc_ussd.c b/openbsc/src/osmo-bsc_nat/bsc_ussd.c
index ac5a9f5..67844b8 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_ussd.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_ussd.c
@@ -399,7 +399,7 @@ int bsc_ussd_check(struct nat_sccp_connection *con, struct bsc_nat_parsed *parse
if (parsed->bssap != BSSAP_MSG_DTAP)
return 0;
- if (strlen(con->imsi) > GSM_IMSI_LENGTH)
+ if (strlen(con->imsi) >= GSM_IMSI_LENGTH)
return 0;
hdr48 = bsc_unpack_dtap(parsed, msg, &len);