From 1c3bae138cea1dbde480ce4382120034eb769e82 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Sun, 20 Jan 2019 10:37:49 +0100 Subject: constrain gsm48_generate_mid() output array bounds The longest BCd-digit type identity is the IMEISV with 16, so there's no point in trying to parse up to 255 decimal digits, which will do nothing but to overflow the caller-provided output buffer. Let's also clearly define the required minimum size of the output buffer and add a reltead #define for it. Change-Id: Ic8488bc7f77dc9182e372741b88f0f06100dddc9 --- include/osmocom/gsm/gsm48.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include/osmocom') diff --git a/include/osmocom/gsm/gsm48.h b/include/osmocom/gsm/gsm48.h index 0f5727a0..7e0e5c48 100644 --- a/include/osmocom/gsm/gsm48.h +++ b/include/osmocom/gsm/gsm48.h @@ -45,6 +45,7 @@ void gsm48_generate_lai(struct gsm48_loc_area_id *lai48, uint16_t mcc, OSMO_DEPRECATED("Use gsm48_generate_lai2() instead, to not lose leading zeros in the MNC"); void gsm48_generate_lai2(struct gsm48_loc_area_id *lai48, const struct osmo_location_area_id *lai); +#define GSM48_MID_MAX_SIZE 11 int gsm48_generate_mid_from_tmsi(uint8_t *buf, uint32_t tmsi); int gsm48_generate_mid_from_imsi(uint8_t *buf, const char *imsi); uint8_t gsm48_generate_mid(uint8_t *buf, const char *id, uint8_t mi_type); -- cgit v1.2.3