author | Harald Welte <laforge@gnumonks.org> | 2017-11-06 03:55:02 +0900 |
---|---|---|
committer | Neels Hofmeyr <nhofmeyr@sysmocom.de> | 2017-11-10 21:26:53 +0000 |
commit | bd0d5bf5d8957c965473960ceb659043bac21128 (patch) | |
tree | e473e10074ef6e216730b19e3589fbfca6b52032 /src/hlr.c | |
parent | 87a04b6b95d827c5c82c3e7ffb99f60e86028f25 (diff) |
hlr.c: Avoid overflow of lu_operation.subscr.imsi
It appears that hlr_subscriber.imsi is 16 bytes in size:
15 chars for IMSI + 1 byte NUL. However, osmo_gsup_message.imsi
is 17 bytes (for whatever reason), so we cannot simply do a strcpy()
as this might overflow the hlr_subscriber.imsi field!
TODO: check if we actually ever receive a too-long IMSI in GSUP and
reject that at an earlier time in the code flow.
Fixes: Coverity CID#164746
Change-Id: I9ff94e6bb0ad2ad2a7c010d3ea7dad9af0f3c048
Diffstat (limited to 'src/hlr.c')
-rw-r--r-- | src/hlr.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -164,7 +164,7 @@ static int rx_upd_loc_req(struct osmo_gsup_conn *conn,
 /* check if subscriber is known at all */
 if (!lu_op_fill_subscr(luop, g_hlr->dbc, gsup->imsi)) {
 /* Send Error back: Subscriber Unknown in HLR */
- strcpy(luop->subscr.imsi, gsup->imsi);
+ osmo_strlcpy(luop->subscr.imsi, gsup->imsi, sizeof(luop->subscr.imsi));
 lu_op_tx_error(luop, GMM_CAUSE_IMSI_UNKNOWN);
 return 0;
 } |
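Review bot: The bounded copy on the `osmo_strlcpy()` line silently truncates an over-long `gsup->imsi`, so the Subscriber Unknown error would be sent carrying a 15-digit prefix rather than the IMSI that was actually received. osmo_strlcpy() returns the length of the source string, so truncation can be detected right here with `if (osmo_strlcpy(luop->subscr.imsi, gsup->imsi, sizeof(luop->subscr.imsi)) >= sizeof(luop->subscr.imsi))` and the message treated as malformed instead of answered. The same unchecked `gsup->imsi` is passed to `lu_op_fill_subscr()` two lines earlier; what that call does with a 16-character string is not visible in this hunk, so a single length check near the top of `rx_upd_loc_req()` (whose body starts and ends outside the hunk) would likely cover both uses.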