commit f4fa695ca15e7df07ffb70d7d30a44e80438af90
author Max <msuraev@sysmocom.de> Mon Jan 15 12:12:51 2018 +0100
committer Harald Welte <laforge@gnumonks.org> Mon Nov 19 05:46:24 2018 +0000
tree ce9c21556e31ee06d7d0208906128c3e8aea7e07
parent c5721545c6cd69effcef612a14c01aa4be89adde

Use safer functions for IMSI ACL

Avoid explicit memset which confuses coverity, use strnlen() and
osmo_strlcpy() to handle strings.

Change-Id: I73fd54ad3a4ab8be5aff0fee5c722597ad766e9d
Fixes: CID163626

src/gprs/sgsn_vty.c

diff --git a/src/gprs/sgsn_vty.c b/src/gprs/sgsn_vty.c
index f57a2b9..601b3c5 100644
--- a/src/gprs/sgsn_vty.c
+++ b/src/gprs/sgsn_vty.c
@@ -634,19 +634,21 @@
 	"Remove IMSI from ACL\n"
 	"IMSI of subscriber\n")
 {
-	char imsi_sanitized[GSM23003_IMSI_MAX_DIGITS+1];
+	char imsi_sanitized[GSM23003_IMSI_MAX_DIGITS + 1] = { '0' };
 	const char *op = argv[0];
 	const char *imsi = imsi_sanitized;
+	size_t len = strnlen(argv[1], GSM23003_IMSI_MAX_DIGITS + 1);
 	int rc;
 
 	/* Sanitize IMSI */
-	if (strlen(argv[1]) > GSM23003_IMSI_MAX_DIGITS) {
-		vty_out(vty, "%% IMSI (%s) too long -- ignored!%s",
-			argv[1], VTY_NEWLINE);
+	if (len > GSM23003_IMSI_MAX_DIGITS) {
+		vty_out(vty, "%% IMSI (%s) too long (max %u digits) -- ignored!%s",
+			argv[1], GSM23003_IMSI_MAX_DIGITS, VTY_NEWLINE);
 		return CMD_WARNING;
 	}
-	memset(imsi_sanitized, '0', sizeof(imsi_sanitized));
-	strcpy(imsi_sanitized+GSM23003_IMSI_MAX_DIGITS-strlen(argv[1]),argv[1]);
+
+	osmo_strlcpy(imsi_sanitized + GSM23003_IMSI_MAX_DIGITS - len, argv[1],
+		     sizeof(imsi_sanitized) - (GSM23003_IMSI_MAX_DIGITS - len));
 
 	if (!strcmp(op, "add"))
 		rc = sgsn_acl_add(imsi, g_cfg);