AST-2009-005

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@211539 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2025-11-18 15:49:56 +00:00 · 2009-08-10 19:20:57 +00:00
parent 41894bea92
commit 642bec4d6f
101 changed files with 484 additions and 455 deletions
--- a/funcs/func_channel.c
+++ b/funcs/func_channel.c
@@ -364,7 +364,7 @@ static int func_channel_write(struct ast_channel *chan, const char *function,
 	else if (!strcasecmp(data, "amaflags")) {
 		ast_channel_lock(chan);
 		if(isdigit(*value)) {
-			sscanf(value, "%d", &chan->amaflags);
+			sscanf(value, "%30d", &chan->amaflags);
 		} else if (!strcasecmp(value,"OMIT")){
 			chan->amaflags = 1;
 		} else if (!strcasecmp(value,"BILLING")){
@@ -409,10 +409,10 @@ static int func_channel_write(struct ast_channel *chan, const char *function,
 	} else if (!strcasecmp(data, "callgroup"))
 		chan->callgroup = ast_get_group(value);
 	else if (!strcasecmp(data, "txgain")) {
-		sscanf(value, "%hhd", &gainset);
+		sscanf(value, "%4hhd", &gainset);
 		ast_channel_setoption(chan, AST_OPTION_TXGAIN, &gainset, sizeof(gainset), 0);
 	} else if (!strcasecmp(data, "rxgain")) {
-		sscanf(value, "%hhd", &gainset);
+		sscanf(value, "%4hhd", &gainset);
 		ast_channel_setoption(chan, AST_OPTION_RXGAIN, &gainset, sizeof(gainset), 0);
 	} else if (!strcasecmp(data, "transfercapability")) {
 		unsigned short i;
--- a/funcs/func_cut.c
+++ b/funcs/func_cut.c
@@ -129,7 +129,7 @@ static int sort_internal(struct ast_channel *chan, char *data, char *buffer, siz
 		}
 		*ptrvalue++ = '\0';
 		sortable_keys[count2].key = ptrkey;
-		sscanf(ptrvalue, "%f", &sortable_keys[count2].value);
+		sscanf(ptrvalue, "%30f", &sortable_keys[count2].value);
 		count2++;
 	}

@@ -191,15 +191,15 @@ static int cut_internal(struct ast_channel *chan, char *data, struct ast_str **b
 			int start_field, stop_field;
 			char trashchar;

-			if (sscanf(next_range, "%d-%d", &start_field, &stop_field) == 2) {
+			if (sscanf(next_range, "%30d-%30d", &start_field, &stop_field) == 2) {
 				/* range with both start and end */
-			} else if (sscanf(next_range, "-%d", &stop_field) == 1) {
+			} else if (sscanf(next_range, "-%30d", &stop_field) == 1) {
 				/* range with end only */
 				start_field = 1;
-			} else if ((sscanf(next_range, "%d%c", &start_field, &trashchar) == 2) && (trashchar == '-')) {
+			} else if ((sscanf(next_range, "%30d%1c", &start_field, &trashchar) == 2) && (trashchar == '-')) {
 				/* range with start only */
 				stop_field = INT_MAX;
-			} else if (sscanf(next_range, "%d", &start_field) == 1) {
+			} else if (sscanf(next_range, "%30d", &start_field) == 1) {
 				/* single number */
 				stop_field = start_field;
 			} else {
--- a/funcs/func_dialplan.c
+++ b/funcs/func_dialplan.c
@@ -72,7 +72,7 @@ static int isexten_function_read(struct ast_channel *chan, const char *cmd, char

 	if (!ast_strlen_zero(args.priority)) {
 		int priority_num;
-		if (sscanf(args.priority, "%d", &priority_num) == 1 && priority_num > 0) {
+		if (sscanf(args.priority, "%30d", &priority_num) == 1 && priority_num > 0) {
 			int res;
 			res = ast_exists_extension(chan, args.context, args.exten, priority_num, 
 				chan->cid.cid_num);
--- a/funcs/func_enum.c
+++ b/funcs/func_enum.c
@@ -365,7 +365,7 @@ static int enum_result_read(struct ast_channel *chan, const char *cmd, char *dat
 		goto finish;
 	}

-	if (sscanf(args.resultnum, "%u", &num) != 1) {
+	if (sscanf(args.resultnum, "%30u", &num) != 1) {
 		ast_log(LOG_ERROR, "Invalid value '%s' for resultnum to ENUMRESULT!\n", args.resultnum);
 		goto finish;
 	}
--- a/funcs/func_math.c
+++ b/funcs/func_math.c
@@ -255,12 +255,12 @@ static int math(struct ast_channel *chan, const char *cmd, char *parse,
 		return -1;
 	}

-	if (sscanf(mvalue1, "%lf", &fnum1) != 1) {
+	if (sscanf(mvalue1, "%30lf", &fnum1) != 1) {
 		ast_log(LOG_WARNING, "'%s' is not a valid number\n", mvalue1);
 		return -1;
 	}

-	if (sscanf(mvalue2, "%lf", &fnum2) != 1) {
+	if (sscanf(mvalue2, "%30lf", &fnum2) != 1) {
 		ast_log(LOG_WARNING, "'%s' is not a valid number\n", mvalue2);
 		return -1;
 	}
@@ -397,7 +397,7 @@ static int crement_function_read(struct ast_channel *chan, const char *cmd,
 		return -1;
 	}

-	if (sscanf(var, "%d%c", &int_value, &endchar) == 0 || endchar != 0) {
+	if (sscanf(var, "%30d%1c", &int_value, &endchar) == 0 || endchar != 0) {
 		ast_log(LOG_NOTICE, "The content of ${%s} is not a numeric value - bailing out!\n", data);
 		ast_channel_unlock(chan);
 		return -1;
--- a/funcs/func_odbc.c
+++ b/funcs/func_odbc.c
@@ -836,7 +836,7 @@ static int init_acf_query(struct ast_config *cfg, char *catg, struct acf_odbc_qu
 		if (strcasecmp(tmp, "multirow") == 0)
 			ast_set_flag((*query), OPT_MULTIROW);
 		if ((tmp = ast_variable_retrieve(cfg, catg, "rowlimit")))
-			sscanf(tmp, "%d", &((*query)->rowlimit));
+			sscanf(tmp, "%30d", &((*query)->rowlimit));
 	}

 	(*query)->acf = ast_calloc(1, sizeof(struct ast_custom_function));
--- a/funcs/func_rand.c
+++ b/funcs/func_rand.c
@@ -63,10 +63,10 @@ static int acf_rand_exec(struct ast_channel *chan, const char *cmd,

 	AST_STANDARD_APP_ARGS(args, parse);

-	if (ast_strlen_zero(args.min) || sscanf(args.min, "%d", &min_int) != 1)
+	if (ast_strlen_zero(args.min) || sscanf(args.min, "%30d", &min_int) != 1)
 		min_int = 0;

-	if (ast_strlen_zero(args.max) || sscanf(args.max, "%d", &max_int) != 1)
+	if (ast_strlen_zero(args.max) || sscanf(args.max, "%30d", &max_int) != 1)
 		max_int = RAND_MAX;

 	if (max_int < min_int) {
--- a/funcs/func_speex.c
+++ b/funcs/func_speex.c
@@ -239,7 +239,7 @@ static int speex_write(struct ast_channel *chan, const char *cmd, char *data, co
 	}

 	if (!strcasecmp(cmd, "agc")) {
-		if (!sscanf(value, "%f", &(*sdi)->agclevel))
+		if (!sscanf(value, "%30f", &(*sdi)->agclevel))
 			(*sdi)->agclevel = ast_true(value) ? DEFAULT_AGC_LEVEL : 0.0;
 	
 		if ((*sdi)->agclevel > 32768.0) {
--- a/funcs/func_sprintf.c
+++ b/funcs/func_sprintf.c
@@ -123,7 +123,7 @@ static int acf_sprintf(struct ast_channel *chan, const char *cmd, char *data, ch

 				/* Convert the argument into the required type */
 				if (arg.var[argcount]) {
-					if (sscanf(arg.var[argcount++], "%d", &tmpi) != 1) {
+					if (sscanf(arg.var[argcount++], "%30d", &tmpi) != 1) {
 						ast_log(LOG_ERROR, "Argument '%s' is not an integer number for format '%s'\n", arg.var[argcount - 1], formatbuf);
 						goto sprintf_fail;
 					}
@@ -146,7 +146,7 @@ static int acf_sprintf(struct ast_channel *chan, const char *cmd, char *data, ch

 				/* Convert the argument into the required type */
 				if (arg.var[argcount]) {
-					if (sscanf(arg.var[argcount++], "%lf", &tmpd) != 1) {
+					if (sscanf(arg.var[argcount++], "%30lf", &tmpd) != 1) {
 						ast_log(LOG_ERROR, "Argument '%s' is not a floating point number for format '%s'\n", arg.var[argcount - 1], formatbuf);
 						goto sprintf_fail;
 					}
--- a/funcs/func_timeout.c
+++ b/funcs/func_timeout.c
@@ -137,7 +137,7 @@ static int timeout_write(struct ast_channel *chan, const char *cmd, char *data,
 	if (!value)
 		return -1;

-	res = sscanf(value, "%ld%lf", &sec, &x);
+	res = sscanf(value, "%30ld%30lf", &sec, &x);
 	if (res == 0 || sec < 0) {
 		when.tv_sec = 0;
 		when.tv_usec = 0;