diff options
author | Harald Welte <laforge@gnumonks.org> | 2017-11-06 03:12:54 +0900 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2017-11-06 03:12:54 +0900 |
commit | a06120de77da41ee86f3704d815ff0b852246ada (patch) | |
tree | aade148410dccc5c90e98084a793b7cb28c037ad | |
parent | b589e78f13243ad4372dcf33f611e630b2a953e8 (diff) |
gtp: Fix buffer overflow in imsi_gtp2str()
The string buffer allocated for the IMSI must be sized for a length
twice the number of input bytes (each byte has two nibbles) plus 1
byte for NUL. We missed the "twice" part :/
Change-Id: I1ecaa811815ae522af71feabc5d0c1ea8b4edde9
Fixes: Coverity CID#174336
-rw-r--r-- | gtp/gtp.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -3301,7 +3301,7 @@ int in_addr2gsna(struct ul16_t *gsna, struct in_addr *src) * _network byte order_ to contain BCD digits ?!? */ const char *imsi_gtp2str(const uint64_t *imsi) { - static char buf[sizeof(*imsi)+1]; + static char buf[sizeof(*imsi)*2+1]; const uint8_t *imsi8 = (const uint8_t *) imsi; unsigned int i, j = 0; |