From c17fbfcde19b6ed5418bfee7646c1c041d9b6255 Mon Sep 17 00:00:00 2001
From: Ismael Gomez
Date: Thu, 26 Apr 2018 11:45:46 +0200
Subject: [PATCH] Fixed buffer overflow in SIB generation
---
 srsenb/src/upper/rrc.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/srsenb/src/upper/rrc.cc b/srsenb/src/upper/rrc.cc
index 2afedad08..a18df9a59 100644
--- a/srsenb/src/upper/rrc.cc
+++ b/srsenb/src/upper/rrc.cc
@@ -121,7 +121,7 @@ uint32_t rrc::generate_sibs()
 // msg is array of SI messages, each SI message msg[i] may contain multiple SIBs
 // all SIBs in a SI message msg[i] share the same periodicity
- LIBLTE_RRC_BCCH_DLSCH_MSG_STRUCT *msg = (LIBLTE_RRC_BCCH_DLSCH_MSG_STRUCT*)calloc(nof_messages, sizeof(LIBLTE_RRC_BCCH_DLSCH_MSG_STRUCT));
+ LIBLTE_RRC_BCCH_DLSCH_MSG_STRUCT *msg = (LIBLTE_RRC_BCCH_DLSCH_MSG_STRUCT*)calloc(nof_messages+1, sizeof(LIBLTE_RRC_BCCH_DLSCH_MSG_STRUCT));
 // Copy SIB1 to first SI message
 msg[0].N_sibs = 1;
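Review bot: The pointer returned by `calloc(nof_messages+1, ...)` is written through at `msg[0].N_sibs = 1` with no NULL check in between, so a failed allocation becomes a null-pointer write in the eNB's RRC. A guard such as `if (msg == NULL) { /* log and return this function's error value */ }` right after the allocation would close that. The bare `+1` also carries no explanation of which index needs the extra element, so the next edit could easily reintroduce the overflow. A comment such as `// +1: msg[0] holds SIB1, the scheduled SI messages follow` would help, if that is indeed the reason. The body of `generate_sibs()` continues outside this hunk, so it is not visible here whether other buffers sized by `nof_messages` or the loops that index `msg[]` need the same bound.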