kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-01 11:32:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

CDR: Protect from data overflow in ast_cdr_setuserfield.

Browse Source 
ast_cdr_setuserfield wrote to a fixed length field using strcpy. This could
result in a buffer overrun when called from chan_sip or func_cdr. This patch
adds a maximum bytes written to the field by using ast_copy_string instead.

ASTERISK-26897 #close
patches:
  0001-CDR-Protect-from-data-overflow-in-ast_cdr_setuserfie.patch submitted
    by Corey Farrell (license #5909)

Change-Id: Ib23ca77e9b9e2803a450e1206af45df2d2fdf65c
This commit is contained in:
Corey Farrell
2017-03-27 10:03:49 -04:00
committed by Joshua Colp
parent a889621b14
commit 380973cc47
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
main/cdr.c
View File

@@ -3278,7 +3278,7 @@ void ast_cdr_setuserfield(const char *channel_name, const char *userfield)
if (it_cdr->fn_table == &finalized_state_fn_table && it_cdr->next != NULL) { if (it_cdr->fn_table == &finalized_state_fn_table && it_cdr->next != NULL) {
continue; continue;
} }
strcpy(it_cdr->party_a.userfield, userfield); ast_copy_string(it_cdr->party_a.userfield, userfield, AST_MAX_USER_FIELD);
} }
ao2_unlock(cdr); ao2_unlock(cdr);
} }