authorJames Prestwood <james.prestwood@linux.intel.com>2018-10-02 15:41:51 -0700
committerDenis Kenzior <denkenz@gmail.com>2018-10-02 17:57:18 -0500
commit3819c5e294cb613b18f907e51c6c1e8d6695d974 (patch)
tree3f2f3ed8eeae2139728b96ef110d7a2b5a5f4318
parent774958e133e0b53c87cfa0049b243e11874f3bae (diff)
downloadphonesim-3819c5e294cb613b18f907e51c6c1e8d6695d974.tar.gz
simauth: fix gsmAuthenticate
The input to the comp128 algorithm was relying on QSTRING_TO_BUF returning a pointer to persistent memory. This was not the case as it was returning a pointer to an intermediate object which was being freed once out of scope. It just happened to work most of the time. This change copies ki/rand into a static buffer.
-rw-r--r--src/simauth.cpp11
1 files changed, 7 insertions, 4 deletions
diff --git a/src/simauth.cpp b/src/simauth.cpp
index 24b2d17..93b8826 100644
--- a/src/simauth.cpp
+++ b/src/simauth.cpp
@@ -42,10 +42,13 @@ SimAuth::~SimAuth()
void SimAuth::gsmAuthenticate( QString rand, QString &sres,
QString &kc )
{
- uint8_t *ki = QSTRING_TO_BUF( _ki );
- uint8_t *_rand = QSTRING_TO_BUF( rand );
- uint8_t _sres[4];
- uint8_t _kc[8];
+ uint8_t ki[16];
+ uint8_t _rand[16];
+ uint8_t _sres[4] = { 0 };
+ uint8_t _kc[8] = { 0 };
+
+ memcpy(ki, QSTRING_TO_BUF( _ki ), 16);
+ memcpy(_rand, QSTRING_TO_BUF( rand ), 16);
comp128( ki, _rand, _sres, _kc );