Actions
Bug #3022
closedsrc/common/oml.c/oml_send_msg(): The 'memcpy' function doesn't copy the whole string
Start date:
03/01/2018
Due date:
% Done:
100%
Spec Reference:
Description
Have a look at the following part of the oml_send_msg():
if (is_manuf) {
/* length byte, string + 0 termination */
uint8_t *manuf = msgb_push(msg, 1 + sizeof(abis_nm_ipa_magic));
manuf0 = strlen(abis_nm_ipa_magic)+1;
memcpy(manuf+1, abis_nm_ipa_magic, strlen(abis_nm_ipa_magic));
}
Here we assuming '\0', but memcpy is used anyway, which does omit '\0'...
Updated by fixeria about 5 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 90
Updated by fixeria about 5 years ago
- Status changed from Feedback to Resolved
- % Done changed from 90 to 100
Merged.
Actions