summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJacob Erlbeck <jerlbeck@sysmocom.de>2015-06-18 13:21:30 +0200
committerHolger Hans Peter Freyther <holger@moiji-mobile.com>2015-06-19 20:54:28 +0200
commitc1cb75eff5b060da9e6d43521e4913a8bf4e74fc (patch)
treea7461fe74480669cfaaab74c56ff638e3ca4f671
parent2c58197e5d717c5eb24e2b8cecac43c2afdff22a (diff)
bssgp: Fix IMSI buffer size (Coverity)
Currently the size of the IMSI pointer is used instead of the size of the talloc'ed buffer. This commit changes the call to gsm48_mi_to_string to use the same value that has been used with talloc_zero_size(). The length is changed to 17 since that value is used for GSM_IMSI_LENGTH in openbsc. Fixes: Coverity CID 1040663 Sponsored-by: On-Waves ehf
-rw-r--r--src/gb/gprs_bssgp_bss.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/gb/gprs_bssgp_bss.c b/src/gb/gprs_bssgp_bss.c
index 962bf2e8..3a9012e1 100644
--- a/src/gb/gprs_bssgp_bss.c
+++ b/src/gb/gprs_bssgp_bss.c
@@ -34,6 +34,8 @@
#include "common_vty.h"
+#define GSM_IMSI_LENGTH 17
+
uint8_t *bssgp_msgb_tlli_put(struct msgb *msg, uint32_t tlli)
{
uint32_t _tlli = htonl(tlli);
@@ -498,8 +500,8 @@ int bssgp_rx_paging(struct bssgp_paging_info *pinfo,
if (!TLVP_PRESENT(&tp, BSSGP_IE_IMSI))
goto err_mand_ie;
if (!pinfo->imsi)
- pinfo->imsi = talloc_zero_size(pinfo, 16);
- gsm48_mi_to_string(pinfo->imsi, sizeof(pinfo->imsi),
+ pinfo->imsi = talloc_zero_size(pinfo, GSM_IMSI_LENGTH);
+ gsm48_mi_to_string(pinfo->imsi, GSM_IMSI_LENGTH,
TLVP_VAL(&tp, BSSGP_IE_IMSI),
TLVP_LEN(&tp, BSSGP_IE_IMSI));