FreeCalypso > hg > freecalypso-tools
view rvinterf/etmsync/pirimei.c @ 1011:6d9b10633f10 default tip
etmsync Pirelli IMEI retrieval: fix poor use of printf()
Bug reported by Vadim Yanitskiy <fixeria@osmocom.org>: the construct
where a static-allocated string was passed to printf() without any
format arguments causes newer compilers to report a security problem.
Given that formatted output is not needed here, just fixed string
output, change printf() to fputs(), and direct the error message
to stderr while at it.
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Thu, 23 May 2024 17:29:57 +0000 |
parents | 3d148edb87c2 |
children |
line wrap: on
line source
/* * Reading and decryption of Pirelli's factory IMEI record */ #include <sys/types.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <strings.h> #include "cl_des.h" #include "exitcodes.h" u_char pirelli_imeisv[8]; get_pirelli_imei() { u_char ciphertext[2][8], dieid_key[8], decrypted[2][8]; int rc; static char failmsg[] = "decryption failed: no valid IMEI record or incompatible firmware\n"; printf("Requesting Calypso die ID\n"); rc = do_dieid_read(dieid_key); if (rc) return(rc); printf("Reading IMEI record in Pirelli's factory data block\n"); rc = do_memory_read(0x027F0504, ciphertext, 16); if (rc) return(rc); cl_des(ciphertext[0], dieid_key, decrypted[0], CL_DES_DECRYPTION); cl_des(ciphertext[1], dieid_key, decrypted[1], CL_DES_DECRYPTION); if (bcmp(decrypted[1], dieid_key, 8)) { fputs(failmsg, stderr); return(ERROR_TARGET); } bcopy(decrypted[0], pirelli_imeisv, 8); printf("Factory IMEISV is %02X%02X%02X%02X-%02X%02X%02X-%02X\n", pirelli_imeisv[0], pirelli_imeisv[1], pirelli_imeisv[2], pirelli_imeisv[3], pirelli_imeisv[4], pirelli_imeisv[5], pirelli_imeisv[6], pirelli_imeisv[7]); return(0); }