From 2449b37dfe424248ea9fe2143efb78a3cd385d64 Mon Sep 17 00:00:00 2001
From: Mike Haben <michael.haben@btinternet.com>
Date: Mon, 26 Oct 2009 20:36:34 +0100
Subject: [USSD] various USSD improvements

- Improved handling of extension-number string (as per review)
- Guard against a buffer-overflow if mobile sends a too-long USSD
- declare some function-parameters const
- fix gsm_ts_name function to display the right BTS number (bts->nr rather than bts->bts_nr)
---
 openbsc/src/ussd.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'openbsc/src/ussd.c')

diff --git a/openbsc/src/ussd.c b/openbsc/src/ussd.c
index e414b1cea..a3d11f080 100644
--- a/openbsc/src/ussd.c
+++ b/openbsc/src/ussd.c
@@ -63,9 +63,9 @@ int handle_rcv_ussd(struct msgb *msg)
 static int send_own_number(const struct msgb *msg, const struct ussd_request *req)
 {
 	char *own_number = msg->lchan->subscr->extension;
-	/* Need trailing CR as EOT character */
-	char response_string[] = "Your extension is xxxxx\r";
+	char response_string[GSM_EXTENSION_LENGTH + 20];
 
-	memcpy(response_string + 18, own_number, 5);
+	/* Need trailing CR as EOT character */
+	snprintf(response_string, sizeof(response_string), "Your extension is %s\r", own_number);
 	return gsm0480_send_ussd_response(msg, response_string, req);
 }
-- 
cgit v1.2.3