From 696212798291688a85afc956b6d80c10c7acb033 Mon Sep 17 00:00:00 2001
From: Holger Hans Peter Freyther
Date: Thu, 8 Oct 2015 16:58:13 +0200
Subject: osmux: Make sure that bigger Osmux ids actually fit We put a signed integer into this string but did not account for the newline and for the terminating NUL of the string. Add the newline to the string and add one for NUL. Spotted while accidently having a CID of 255.
---
 openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'openbsc/src/osmo-bsc_nat')
diff --git a/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c b/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c
index 0105c7e3d..9fd99677a 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c
@@ -818,7 +818,7 @@ static void patch_mgcp(struct msgb *output, const char *op, const char *tok,
 int slen;
 int ret;
 char buf[40];
- char osmux_extension[strlen("X-Osmux: 255")];
+ char osmux_extension[strlen("\nX-Osmux: 255") + 1];
 buf[0] = buf[39] = '\0';
 ret = sscanf(tok, "%*s %s", buf);
@@ -829,7 +829,7 @@ static void patch_mgcp(struct msgb *output, const char *op, const char *tok,
 }
 if (osmux_cid >= 0)
- sprintf(osmux_extension, "\nX-Osmux: %u", osmux_cid);
+ sprintf(osmux_extension, "\nX-Osmux: %u", osmux_cid & 0xff);
 else
 osmux_extension[0] = '\0';
--
cgit v1.2.3
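Review bot: The new array bound in the first hunk, `strlen("\nX-Osmux: 255") + 1`, is not an integer constant expression, so `osmux_extension` is formally a variable-length array and its size is kept in step with the later `sprintf` format only by hand. `char osmux_extension[sizeof("\nX-Osmux: 255")];` yields the same 14 bytes as a compile-time constant, because `sizeof` on a string literal already counts the terminating NUL. A one-line comment such as `/* holds the longest "\nX-Osmux: %u" output, CID <= 255, plus NUL */` would record why the literal looks the way it does. The body of patch_mgcp starts and ends outside the hunk.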
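Review bot: The `sprintf` in the second hunk is still unbounded, so the write stays inside `osmux_extension` only because of the `& 0xff` mask and the hand-computed array size; `snprintf(osmux_extension, sizeof(osmux_extension), "\nX-Osmux: %u", osmux_cid & 0xff);` keeps it in bounds even if the format or the declaration is edited later. The mask also silently turns an out-of-range CID into a different valid one (256 becomes 0), which may bind the message to another circuit; rejecting or logging `osmux_cid > 255` before formatting looks safer, though what the callers guarantee is not visible here. The declaration of `osmux_cid` is outside the hunk; if it is a signed `int`, casting the masked value to `unsigned int` would make the argument match `%u`.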