From 496aee7cb809069133fe37f39ccac7607ec6c9b3 Mon Sep 17 00:00:00 2001 From: Jacob Erlbeck Date: Mon, 26 Jan 2015 10:38:12 +0100 Subject: sgsn: Ensure 0-terminated imsi strings (Coverity) Currently the size argument of strncpy is set to sizeof(mm->imsi) in some places. If the source IMSI string is too long, the terminating NUL byte in the static mm->imsi field gets overwritten. This patch limits the size to sizeof(mm->imsi)-1, so that the last byte of the buffer (that has been initialized to 0) is not overwritten. Fixes: Coverity CID 12065751, 12065754, 1206575 Sponsored-by: On-Waves ehf --- openbsc/src/gprs/sgsn_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'openbsc/src/gprs/sgsn_auth.c') diff --git a/openbsc/src/gprs/sgsn_auth.c b/openbsc/src/gprs/sgsn_auth.c index d77a02194..b83294d30 100644 --- a/openbsc/src/gprs/sgsn_auth.c +++ b/openbsc/src/gprs/sgsn_auth.c @@ -61,7 +61,7 @@ int sgsn_acl_add(const char *imsi, struct sgsn_config *cfg) acl = talloc_zero(NULL, struct imsi_acl_entry); if (!acl) return -ENOMEM; - strncpy(acl->imsi, imsi, sizeof(acl->imsi)); + strncpy(acl->imsi, imsi, sizeof(acl->imsi) - 1); llist_add(&acl->list, &cfg->imsi_acl); -- cgit v1.2.3