diff options
| author | Vadim Yanitskiy <axilirator@gmail.com> | 2017-05-17 02:26:00 +0300 |
|---|---|---|
| committer | Harald Welte <laforge@gnumonks.org> | 2017-05-25 11:43:49 +0000 |
| commit | 064ffe6563cdf7105d97e3d45c2d14520cea8352 (patch) | |
| tree | 7a8977c11743744ec3ebc4f802691e42e0eac224 /src/host/layer23/src/mobile/gsm322.c | |
| parent | c1cdd3b5a4a69b12ca1b4d3f6cedd224257cf504 (diff) | |
host/mobile: use talloc for ms->name allocation
The approach of talloc memory management reduces memory usage,
and prevents some buffer overflows, which were possible before.
Change-Id: Icd6706117fdd7f1b3481b0e3817bbb3b31f12f60
Diffstat (limited to 'src/host/layer23/src/mobile/gsm322.c')
| -rw-r--r-- | src/host/layer23/src/mobile/gsm322.c | 38 |
1 files changed, 21 insertions, 17 deletions
diff --git a/src/host/layer23/src/mobile/gsm322.c b/src/host/layer23/src/mobile/gsm322.c index 993e5cab..ad6a83bf 100644 --- a/src/host/layer23/src/mobile/gsm322.c +++ b/src/host/layer23/src/mobile/gsm322.c @@ -5028,7 +5028,7 @@ int gsm322_init(struct osmocom_ms *ms) struct gsm322_plmn *plmn = &ms->plmn; struct gsm322_cellsel *cs = &ms->cellsel; FILE *fp; - char filename[PATH_MAX]; + char *ba_filename; int i; struct gsm322_ba_list *ba; uint8_t buf[4]; @@ -5060,8 +5060,9 @@ int gsm322_init(struct osmocom_ms *ms) cs->list[i].flags |= GSM322_CS_FLAG_SUPPORT; /* read BA list */ - sprintf(filename, "%s/%s.ba", config_dir, ms->name); - fp = fopen(filename, "r"); + ba_filename = talloc_asprintf(ms, "%s/%s.ba", config_dir, ms->name); + fp = fopen(ba_filename, "r"); + talloc_free(ba_filename); if (fp) { int rc; char *s_rc; @@ -5108,7 +5109,7 @@ int gsm322_exit(struct osmocom_ms *ms) struct llist_head *lh, *lh2; struct msgb *msg; FILE *fp; - char filename[PATH_MAX]; + char *ba_filename; struct gsm322_ba_list *ba; uint8_t buf[4]; int rc = 0; @@ -5137,20 +5138,23 @@ int gsm322_exit(struct osmocom_ms *ms) } /* store BA list */ - sprintf(filename, "%s/%s.ba", config_dir, ms->name); - fp = fopen(filename, "w"); - if (fp) { - fputs(ba_version, fp); - llist_for_each_entry(ba, &cs->ba_list, entry) { - buf[0] = ba->mcc >> 8; - buf[1] = ba->mcc & 0xff; - buf[2] = ba->mnc >> 8; - buf[3] = ba->mnc & 0xff; - - rc += fwrite(buf, 4, 1, fp); - rc += fwrite(ba->freq, sizeof(ba->freq), 1, fp); + ba_filename = talloc_asprintf(ms, "%s/%s.ba", config_dir, ms->name); + if (ba_filename) { + fp = fopen(ba_filename, "w"); + talloc_free(ba_filename); + if (fp) { + fputs(ba_version, fp); + llist_for_each_entry(ba, &cs->ba_list, entry) { + buf[0] = ba->mcc >> 8; + buf[1] = ba->mcc & 0xff; + buf[2] = ba->mnc >> 8; + buf[3] = ba->mnc & 0xff; + + rc += fwrite(buf, 4, 1, fp); + rc += fwrite(ba->freq, sizeof(ba->freq), 1, fp); + } + fclose(fp); } - fclose(fp); } if (rc == 2) |