settings.h: IMSI is 15 bytes +1 \0 maximum
authorHarald Welte <laforge@gnumonks.org>
Sat, 16 Jul 2011 15:41:02 +0000 (17:41 +0200)
committerHarald Welte <laforge@gnumonks.org>
Sat, 16 Jul 2011 15:41:02 +0000 (17:41 +0200)
If we use a larger field to store the IMSI, we can create overflows when
copying the imsi to other structures that are only 16 bytes in size.

Detected by Smatch:
src/host/layer23/src/mobile/subscriber.c +195 gsm_subscr_testcard(39) error: strcpy() 'set->test_imsi' too large for 'subscr->imsi' (20 vs 16)

src/host/layer23/include/osmocom/bb/mobile/settings.h

index 7fa6089..20a8692 100644 (file)
@@ -21,10 +21,10 @@ struct gsm_settings {
 
        /* SIM */
        int                     sim_type; /* selects card on power on */
-       char                    emergency_imsi[20]; /* just in case... */
+       char                    emergency_imsi[16];
 
        /* test card simulator settings */
-       char                    test_imsi[20]; /* just in case... */
+       char                    test_imsi[16];
        uint32_t                test_tmsi;
        uint8_t                 test_ki_type;
        uint8_t                 test_ki[16]; /* 128 bit max */
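Review bot: Narrowing `emergency_imsi` and `test_imsi` to 16 bytes makes the Smatch-reported strcpy() into `subscr->imsi` fit, but it moves the overflow risk to whatever writes these two fields. Any code that fills them from configuration or user input (not visible in this hunk) previously had 20 bytes to work with and must now reject anything longer than 15 digits before copying. It is worth confirming that those writers check the length, and replacing the strcpy() reported at subscriber.c +195 with a bounded copy so a future size mismatch cannot overflow silently. The bare `16` would be safer as one shared constant used by both the settings fields and `subscr->imsi`, with a comment such as `/* 15 digits + NUL */` in place of the removed "just in case..." remark. struct gsm_settings starts and ends outside the hunk.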