From f4fa695ca15e7df07ffb70d7d30a44e80438af90 Mon Sep 17 00:00:00 2001 From: Max Date: Mon, 15 Jan 2018 12:12:51 +0100 Subject: Use safer functions for IMSI ACL Avoid explicit memset which confuses coverity, use strnlen() and osmo_strlcpy() to handle strings. Change-Id: I73fd54ad3a4ab8be5aff0fee5c722597ad766e9d Fixes: CID163626 --- src/gprs/sgsn_vty.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/gprs/sgsn_vty.c b/src/gprs/sgsn_vty.c index f57a2b95b..601b3c59f 100644 --- a/src/gprs/sgsn_vty.c +++ b/src/gprs/sgsn_vty.c @@ -634,19 +634,21 @@ DEFUN(imsi_acl, cfg_imsi_acl_cmd, "Remove IMSI from ACL\n" "IMSI of subscriber\n") { - char imsi_sanitized[GSM23003_IMSI_MAX_DIGITS+1]; + char imsi_sanitized[GSM23003_IMSI_MAX_DIGITS + 1] = { '0' }; const char *op = argv[0]; const char *imsi = imsi_sanitized; + size_t len = strnlen(argv[1], GSM23003_IMSI_MAX_DIGITS + 1); int rc; /* Sanitize IMSI */ - if (strlen(argv[1]) > GSM23003_IMSI_MAX_DIGITS) { - vty_out(vty, "%% IMSI (%s) too long -- ignored!%s", - argv[1], VTY_NEWLINE); + if (len > GSM23003_IMSI_MAX_DIGITS) { + vty_out(vty, "%% IMSI (%s) too long (max %u digits) -- ignored!%s", + argv[1], GSM23003_IMSI_MAX_DIGITS, VTY_NEWLINE); return CMD_WARNING; } - memset(imsi_sanitized, '0', sizeof(imsi_sanitized)); - strcpy(imsi_sanitized+GSM23003_IMSI_MAX_DIGITS-strlen(argv[1]),argv[1]); + + osmo_strlcpy(imsi_sanitized + GSM23003_IMSI_MAX_DIGITS - len, argv[1], + sizeof(imsi_sanitized) - (GSM23003_IMSI_MAX_DIGITS - len)); if (!strcmp(op, "add")) rc = sgsn_acl_add(imsi, g_cfg); -- cgit v1.2.3