ooh323: Prevent potential buffer overflow in trace logging

Replace a call to vsprintf with a call to ast_vasprintf to
prevent a possible buffer overflow.

Resolves: #GHSA-x348-j6c9-77f3
Mike Bradeen
2026-03-31 11:41:10 -06:00
committed by George Joseph
parent 9724288770
commit 70b0abcd03
+7 -3
@@ -43,13 +43,17 @@ void ooTrace(OOUINT32 traceLevel, const char * fmtspec, ...) __attribute__((form
void ooTrace(OOUINT32 traceLevel, const char * fmtspec, ...) {
va_list arglist;
char logMessage[MAXLOGMSGLEN];
char *logMessage = NULL;
int res = 0;
if(traceLevel > gs_traceLevel) return;
va_start (arglist, fmtspec);
/* memset(logMessage, 0, MAXLOGMSGLEN);*/
vsprintf(logMessage, fmtspec, arglist);
res = ast_vasprintf(&logMessage, fmtspec, arglist);
va_end(arglist);
if (res < 0 || !logMessage) {
return;
}
ooTraceLogMessage(logMessage);
ast_free(logMessage);
}
void ooTraceLogMessage(const char * logMessage)
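Review bot: The new allocation in ooTrace has no upper bound on message length, because `ast_vasprintf(&logMessage, fmtspec, arglist)` sizes the buffer from the formatted output, whereas the old code was tied (unsafely) to MAXLOGMSGLEN. If any trace call site formats peer-supplied strings, which this hunk does not show, one trace line can now allocate as much as the peer supplies, so it is worth confirming those call sites use precision-limited conversions, or recording the decision with a comment such as `/* heap-allocated: length is bounded only by the formatted arguments, not MAXLOGMSGLEN */`. Separately, the `res < 0 || !logMessage` branch returns without emitting anything, so a trace line lost under memory pressure leaves no marker in the trace output. Passing a fixed literal there, e.g. `ooTraceLogMessage("ooTrace: trace message dropped (allocation failed)\n");`, would make the gap visible, assuming ooTraceLogMessage (whose body lies outside the hunk) does not itself allocate or depend on a bounded input length.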