mirror of
https://github.com/asterisk/asterisk.git
synced 2025-09-24 06:53:41 +00:00
Safely use the strncat() function.
(closes issue #11958) Reported by: norman Patches: 20080209__bug11958.diff.txt uploaded by Corydon76 (license 14) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@106552 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Tilghman Lesher
@@ -579,7 +579,7 @@ static int common_exec(struct ast_channel *chan, const struct ast_flags *flags,
|
|||||||
}
|
}
|
||||||
|
|
||||||
strcpy(peer_name, "spy-");
|
strcpy(peer_name, "spy-");
|
||||||
strncat(peer_name, peer->name, AST_NAME_STRLEN);
|
strncat(peer_name, peer->name, AST_NAME_STRLEN - 4 - 1);
|
||||||
ptr = strchr(peer_name, '/');
|
ptr = strchr(peer_name, '/');
|
||||||
*ptr++ = '\0';
|
*ptr++ = '\0';
|
||||||
|
|
||||||
|
|||||||
@@ -2427,7 +2427,7 @@ static int rpt_do_fun(int fd, int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
if(!busy){
|
if(!busy){
|
||||||
myrpt->macrotimer = MACROTIME;
|
myrpt->macrotimer = MACROTIME;
|
||||||
strncat(myrpt->macrobuf,argv[3],MAXMACRO - 1);
|
strncat(myrpt->macrobuf, argv[3], MAXMACRO - strlen(myrpt->macrobuf) - 1);
|
||||||
}
|
}
|
||||||
rpt_mutex_unlock(&myrpt->lock);
|
rpt_mutex_unlock(&myrpt->lock);
|
||||||
}
|
}
|
||||||
@@ -5090,7 +5090,7 @@ int i;
|
|||||||
return DC_ERROR;
|
return DC_ERROR;
|
||||||
}
|
}
|
||||||
myrpt->macrotimer = MACROTIME;
|
myrpt->macrotimer = MACROTIME;
|
||||||
strncat(myrpt->macrobuf,val,MAXMACRO - 1);
|
strncat(myrpt->macrobuf, val, MAXMACRO - strlen(myrpt->macrobuf) - 1);
|
||||||
rpt_mutex_unlock(&myrpt->lock);
|
rpt_mutex_unlock(&myrpt->lock);
|
||||||
return DC_COMPLETE;
|
return DC_COMPLETE;
|
||||||
}
|
}
|
||||||
@@ -8749,7 +8749,7 @@ static void do_scheduler(struct rpt *myrpt)
|
|||||||
return; /* Macro buffer full */
|
return; /* Macro buffer full */
|
||||||
}
|
}
|
||||||
myrpt->macrotimer = MACROTIME;
|
myrpt->macrotimer = MACROTIME;
|
||||||
strncat(myrpt->macrobuf,val,MAXMACRO - 1);
|
strncat(myrpt->macrobuf,val,MAXMACRO - strlen(myrpt->macrobuf) - 1);
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
ast_log(LOG_WARNING,"Malformed scheduler entry in rpt.conf: %s = %s\n",
|
ast_log(LOG_WARNING,"Malformed scheduler entry in rpt.conf: %s = %s\n",
|
||||||
|
|||||||
@@ -735,7 +735,7 @@ static int speech_background(struct ast_channel *chan, void *data)
|
|||||||
}
|
}
|
||||||
time(&start);
|
time(&start);
|
||||||
snprintf(tmp, sizeof(tmp), "%c", f->subclass);
|
snprintf(tmp, sizeof(tmp), "%c", f->subclass);
|
||||||
strncat(dtmf, tmp, sizeof(dtmf));
|
strncat(dtmf, tmp, sizeof(dtmf) - strlen(dtmf) - 1);
|
||||||
/* If the maximum length of the DTMF has been reached, stop now */
|
/* If the maximum length of the DTMF has been reached, stop now */
|
||||||
if (max_dtmf_len && strlen(dtmf) == max_dtmf_len)
|
if (max_dtmf_len && strlen(dtmf) == max_dtmf_len)
|
||||||
done = 1;
|
done = 1;
|
||||||
|
|||||||
@@ -3842,8 +3842,8 @@ static int vm_forwardoptions(struct ast_channel *chan, struct ast_vm_user *vmu,
|
|||||||
make_file(msgfile, sizeof(msgfile), curdir, curmsg);
|
make_file(msgfile, sizeof(msgfile), curdir, curmsg);
|
||||||
strcpy(textfile, msgfile);
|
strcpy(textfile, msgfile);
|
||||||
strcpy(backup, msgfile);
|
strcpy(backup, msgfile);
|
||||||
strncat(textfile, ".txt", sizeof(textfile) - 1);
|
strncat(textfile, ".txt", sizeof(textfile) - strlen(textfile) - 1);
|
||||||
strncat(backup, "-bak", sizeof(backup) - 1);
|
strncat(backup, "-bak", sizeof(backup) - strlen(backup) - 1);
|
||||||
|
|
||||||
if (!(msg_cfg = ast_config_load(textfile))) {
|
if (!(msg_cfg = ast_config_load(textfile))) {
|
||||||
return -1;
|
return -1;
|
||||||
|
|||||||
@@ -2246,8 +2246,7 @@ static int misdn_digit_end(struct ast_channel *ast, char digit, unsigned int dur
|
|||||||
buf[1]=0;
|
buf[1]=0;
|
||||||
|
|
||||||
l = sizeof(bc->infos_pending);
|
l = sizeof(bc->infos_pending);
|
||||||
strncat(bc->infos_pending,buf,l);
|
strncat(bc->infos_pending, buf, l - strlen(bc->infos_pending) - 1);
|
||||||
bc->infos_pending[l-1] = 0;
|
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case MISDN_CALLING_ACKNOWLEDGE:
|
case MISDN_CALLING_ACKNOWLEDGE:
|
||||||
@@ -2257,8 +2256,7 @@ static int misdn_digit_end(struct ast_channel *ast, char digit, unsigned int dur
|
|||||||
|
|
||||||
{
|
{
|
||||||
int l = sizeof(bc->dad);
|
int l = sizeof(bc->dad);
|
||||||
strncat(bc->dad,bc->info_dad, l - strlen(bc->dad));
|
strncat(bc->dad, bc->info_dad, l - strlen(bc->dad) - 1);
|
||||||
bc->dad[l-1] = 0;
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
int l = sizeof(p->ast->exten);
|
int l = sizeof(p->ast->exten);
|
||||||
@@ -4054,8 +4052,7 @@ cb_events(enum event_e event, struct misdn_bchannel *bc, void *user_data)
|
|||||||
}
|
}
|
||||||
|
|
||||||
l = sizeof(bc->dad);
|
l = sizeof(bc->dad);
|
||||||
strncat(bc->dad,bc->info_dad, l);
|
strncat(bc->dad,bc->info_dad, l - strlen(bc->dad) - 1);
|
||||||
bc->dad[l-1] = 0;
|
|
||||||
|
|
||||||
l = sizeof(ch->ast->exten);
|
l = sizeof(ch->ast->exten);
|
||||||
strncpy(ch->ast->exten, bc->dad, l);
|
strncpy(ch->ast->exten, bc->dad, l);
|
||||||
@@ -4133,8 +4130,7 @@ cb_events(enum event_e event, struct misdn_bchannel *bc, void *user_data)
|
|||||||
if (ch->state != MISDN_CONNECTED ) {
|
if (ch->state != MISDN_CONNECTED ) {
|
||||||
if (digits) {
|
if (digits) {
|
||||||
int l = sizeof(bc->dad);
|
int l = sizeof(bc->dad);
|
||||||
strncat(bc->dad,bc->info_dad, l);
|
strncat(bc->dad, bc->info_dad, l - strlen(bc->dad) - 1);
|
||||||
bc->dad[l-1] = 0;
|
|
||||||
l = sizeof(ch->ast->exten);
|
l = sizeof(ch->ast->exten);
|
||||||
strncpy(ch->ast->exten, bc->dad, l);
|
strncpy(ch->ast->exten, bc->dad, l);
|
||||||
ch->ast->exten[l-1] = 0;
|
ch->ast->exten[l-1] = 0;
|
||||||
@@ -4436,8 +4432,7 @@ cb_events(enum event_e event, struct misdn_bchannel *bc, void *user_data)
|
|||||||
|
|
||||||
{
|
{
|
||||||
int l = sizeof(bc->dad);
|
int l = sizeof(bc->dad);
|
||||||
strncat(bc->dad,bc->infos_pending, l - strlen(bc->dad));
|
strncat(bc->dad, bc->infos_pending, l - strlen(bc->dad) - 1);
|
||||||
bc->dad[l-1] = 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ch->ast) break;
|
if (!ch->ast) break;
|
||||||
|
|||||||
@@ -98,7 +98,7 @@ static int function_enum(struct ast_channel *chan, char *cmd, char *data,
|
|||||||
for (s = p = args.number; *s; s++) {
|
for (s = p = args.number; *s; s++) {
|
||||||
if (*s != '-') {
|
if (*s != '-') {
|
||||||
snprintf(tmp, sizeof(tmp), "%c", *s);
|
snprintf(tmp, sizeof(tmp), "%c", *s);
|
||||||
strncat(num, tmp, sizeof(num));
|
strncat(num, tmp, sizeof(num) - strlen(num) - 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1932,9 +1932,10 @@ static char *cli_prompt(EditLine *el)
|
|||||||
if (color_used) {
|
if (color_used) {
|
||||||
/* Force colors back to normal at end */
|
/* Force colors back to normal at end */
|
||||||
term_color_code(term_code, COLOR_WHITE, COLOR_BLACK, sizeof(term_code));
|
term_color_code(term_code, COLOR_WHITE, COLOR_BLACK, sizeof(term_code));
|
||||||
if (strlen(term_code) > sizeof(prompt) - strlen(prompt)) {
|
if (strlen(term_code) > sizeof(prompt) - strlen(prompt) - 1) {
|
||||||
strncat(prompt + sizeof(prompt) - strlen(term_code) - 1, term_code, strlen(term_code));
|
ast_copy_string(prompt + sizeof(prompt) - strlen(term_code) - 1, term_code, strlen(term_code) + 1);
|
||||||
} else {
|
} else {
|
||||||
|
/* This looks wrong, but we've already checked the length of term_code to ensure it's safe */
|
||||||
strncat(p, term_code, sizeof(term_code));
|
strncat(p, term_code, sizeof(term_code));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -4373,12 +4373,12 @@ char *ast_print_group(char *buf, int buflen, ast_group_t group)
|
|||||||
for (i = 0; i <= 63; i++) { /* Max group is 63 */
|
for (i = 0; i <= 63; i++) { /* Max group is 63 */
|
||||||
if (group & ((ast_group_t) 1 << i)) {
|
if (group & ((ast_group_t) 1 << i)) {
|
||||||
if (!first) {
|
if (!first) {
|
||||||
strncat(buf, ", ", buflen);
|
strncat(buf, ", ", buflen - strlen(buf) - 1);
|
||||||
} else {
|
} else {
|
||||||
first=0;
|
first=0;
|
||||||
}
|
}
|
||||||
snprintf(num, sizeof(num), "%u", i);
|
snprintf(num, sizeof(num), "%u", i);
|
||||||
strncat(buf, num, buflen);
|
strncat(buf, num, buflen - strlen(buf) - 1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return buf;
|
return buf;
|
||||||
|
|||||||
@@ -1091,16 +1091,16 @@ int ast_codec_pref_string(struct ast_codec_pref *pref, char *buf, size_t size)
|
|||||||
slen = strlen(formatname);
|
slen = strlen(formatname);
|
||||||
if(slen > total_len)
|
if(slen > total_len)
|
||||||
break;
|
break;
|
||||||
strncat(buf,formatname,total_len);
|
strncat(buf, formatname, total_len - 1); /* safe */
|
||||||
total_len -= slen;
|
total_len -= slen;
|
||||||
}
|
}
|
||||||
if(total_len && x < 31 && ast_codec_pref_index(pref , x + 1)) {
|
if(total_len && x < 31 && ast_codec_pref_index(pref , x + 1)) {
|
||||||
strncat(buf,"|",total_len);
|
strncat(buf, "|", total_len - 1); /* safe */
|
||||||
total_len--;
|
total_len--;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(total_len) {
|
if(total_len) {
|
||||||
strncat(buf,")",total_len);
|
strncat(buf, ")", total_len - 1); /* safe */
|
||||||
total_len--;
|
total_len--;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -206,10 +206,10 @@ static char *authority_to_str(int authority, char *res, int reslen)
|
|||||||
for (i = 0; i < (sizeof(perms) / sizeof(perms[0])) - 1; i++) {
|
for (i = 0; i < (sizeof(perms) / sizeof(perms[0])) - 1; i++) {
|
||||||
if (authority & perms[i].num) {
|
if (authority & perms[i].num) {
|
||||||
if (*res) {
|
if (*res) {
|
||||||
strncat(res, ",", (reslen > running_total) ? reslen - running_total : 0);
|
strncat(res, ",", (reslen > running_total) ? reslen - running_total - 1 : 0);
|
||||||
running_total++;
|
running_total++;
|
||||||
}
|
}
|
||||||
strncat(res, perms[i].label, (reslen > running_total) ? reslen - running_total : 0);
|
strncat(res, perms[i].label, (reslen > running_total) ? reslen - running_total - 1 : 0);
|
||||||
running_total += strlen(perms[i].label);
|
running_total += strlen(perms[i].label);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user