hlr.c: Avoid overflow of lu_operation.subscr.imsi It appears that hlr_subscriber.imsi is 16 buffers in size: 15 chars for IMSI + 1 byte NUL. However, osmo_gsup_message.imsi is 17 bytes (for whatever reason), so we cannot simply do a strpy() as this might overflow the hlr_subscriber.imsi field! TODO: check if weactually ever receive a too-long IMSI in GSUP and reject that at an earlier time in the code flow. Fixes: Coverity CID#164746 Change-Id: I9ff94e6bb0ad2ad2a7c010d3ea7dad9af0f3c048

commit: bd0d5bf5d8957c965473960ceb659043bac21128 [log] [tgz]
author: Harald Welte <laforge@gnumonks.org> Mon Nov 06 03:55:02 2017 +0900
committer: Neels Hofmeyr <nhofmeyr@sysmocom.de> Fri Nov 10 21:26:53 2017 +0000
tree: e473e10074ef6e216730b19e3589fbfca6b52032
parent: 87a04b6b95d827c5c82c3e7ffb99f60e86028f25 [diff]
diff --git a/src/hlr.c b/src/hlr.c
index 6310526..78a7055 100644
--- a/src/hlr.c
+++ b/src/hlr.c

@@ -164,7 +164,7 @@
 	/* check if subscriber is known at all */
 	if (!lu_op_fill_subscr(luop, g_hlr->dbc, gsup->imsi)) {
 		/* Send Error back: Subscriber Unknown in HLR */
-		strcpy(luop->subscr.imsi, gsup->imsi);
+		osmo_strlcpy(luop->subscr.imsi, gsup->imsi, sizeof(luop->subscr.imsi));
 		lu_op_tx_error(luop, GMM_CAUSE_IMSI_UNKNOWN);
 		return 0;
 	}
commit	bd0d5bf5d8957c965473960ceb659043bac21128	[log] [tgz]
author	Harald Welte <laforge@gnumonks.org>	Mon Nov 06 03:55:02 2017 +0900
committer	Neels Hofmeyr <nhofmeyr@sysmocom.de>	Fri Nov 10 21:26:53 2017 +0000
tree	e473e10074ef6e216730b19e3589fbfca6b52032
parent	87a04b6b95d827c5c82c3e7ffb99f60e86028f25 [diff]