author | James Prestwood <james.prestwood@linux.intel.com> | 2018-10-02 15:41:51 -0700 |
---|---|---|
committer | Denis Kenzior <denkenz@gmail.com> | 2018-10-02 17:57:18 -0500 |
commit | 3819c5e294cb613b18f907e51c6c1e8d6695d974 (patch) | |
tree | 3f2f3ed8eeae2139728b96ef110d7a2b5a5f4318 | |
parent | 774958e133e0b53c87cfa0049b243e11874f3bae (diff) | |
download | phonesim-3819c5e294cb613b18f907e51c6c1e8d6695d974.tar.gz |
simauth: fix gsmAuthenticate
The input to the comp128 algorithm was relying on QSTRING_TO_BUF
returning a pointer to persistent memory. This was not the case
as it was returning a pointer to an intermediate object which was
being freed once out of scope. It just happened to work most of
the time. This change copies ki/rand into a static buffer.
-rw-r--r-- | src/simauth.cpp | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/simauth.cpp b/src/simauth.cpp index 24b2d17..93b8826 100644 --- a/src/simauth.cpp +++ b/src/simauth.cpp @@ -42,10 +42,13 @@ SimAuth::~SimAuth() void SimAuth::gsmAuthenticate( QString rand, QString &sres, QString &kc ) { - uint8_t *ki = QSTRING_TO_BUF( _ki ); - uint8_t *_rand = QSTRING_TO_BUF( rand ); - uint8_t _sres[4]; - uint8_t _kc[8]; + uint8_t ki[16]; + uint8_t _rand[16]; + uint8_t _sres[4] = { 0 }; + uint8_t _kc[8] = { 0 }; + + memcpy(ki, QSTRING_TO_BUF( _ki ), 16); + memcpy(_rand, QSTRING_TO_BUF( rand ), 16); comp128( ki, _rand, _sres, _kc ); |
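Review bot: the two added memcpy calls in gsmAuthenticate copy a fixed 16 bytes out of whatever QSTRING_TO_BUF yields, and nothing in the hunk checks that the decoded `_ki` and `rand` actually hold 16 bytes. A shorter value in either one makes `memcpy(ki, QSTRING_TO_BUF( _ki ), 16);` or `memcpy(_rand, QSTRING_TO_BUF( rand ), 16);` read past the end of the temporary. Validate the decoded length first and return early on a mismatch, with `sres` and `kc` left in a defined state. Prefer `sizeof(ki)` and `sizeof(_rand)` over the literal 16 so the copy size follows the array declarations. Two smaller points: the commit message says the values are copied into a static buffer, but `ki` and `_rand` are automatic arrays, so either the wording or the storage class should change; and `ki` holds key material that stays on the stack after `comp128` returns, so consider clearing it before leaving the function.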