If we use a larger field to store the IMSI, we can create overflows when
copying the imsi to other structures that are only 16 bytes in size.
Detected by Smatch:
src/host/layer23/src/mobile/subscriber.c +195 gsm_subscr_testcard(39) error: strcpy() 'set->test_imsi' too large for 'subscr->imsi' (20 vs 16)
/* SIM */
int sim_type; /* selects card on power on */
- char emergency_imsi[20]; /* just in case... */
+ char emergency_imsi[16];
/* test card simulator settings */
- char test_imsi[20]; /* just in case... */
+ char test_imsi[16];
uint32_t test_tmsi;
uint8_t test_ki_type;
uint8_t test_ki[16]; /* 128 bit max */