From 9286114f6f9a8b45e620ccf2014ed713c770c9ed Mon Sep 17 00:00:00 2001
From: Philipp Maier <pmaier@sysmocom.de>
Date: Fri, 15 Mar 2019 09:43:40 +0100
Subject: silent_call: use osmo_strlcpy() instead of strncpy()

If gsm_silent_call_start() is called with an over long string in
traffic_dst_ip, then the target string might be left unterminated. Lets
use osmo_strlcpy() so that we can be sure the result in scd->traffic_ip
is always terminated.

Fixes: CID#196068
Change-Id: Ic81842175e412ae7d97d023b612412f33411d60c
---
 src/libmsc/silent_call.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/libmsc/silent_call.c b/src/libmsc/silent_call.c
index 7effba3e7..14974f338 100644
--- a/src/libmsc/silent_call.c
+++ b/src/libmsc/silent_call.c
@@ -26,6 +26,7 @@
 
 #include <osmocom/core/byteswap.h>
 #include <osmocom/core/msgb.h>
+#include <osmocom/core/utils.h>
 #include <osmocom/msc/signal.h>
 #include <osmocom/msc/debug.h>
 #include <osmocom/msc/gsm_data.h>
@@ -202,7 +203,7 @@ int gsm_silent_call_start(struct vlr_subscr *vsub,
 	memcpy(&scd->ct, ct, sizeof(scd->ct));
 
 	if (traffic_dst_ip) {
-		strncpy(scd->traffic_ip, traffic_dst_ip, sizeof(scd->traffic_ip));
+		osmo_strlcpy(scd->traffic_ip, traffic_dst_ip, sizeof(scd->traffic_ip));
 		scd->traffic_port = traffic_dst_port;
 	}
 
-- 
cgit v1.2.3