kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-07 18:38:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged revisions 40057 via svnmerge from

Browse Source 
https://origsvn.digium.com/svn/asterisk/branches/1.2

........
r40057 | kpfleming | 2006-08-16 13:57:44 -0500 (Wed, 16 Aug 2006) | 2 lines

don't allow AUEP responses to overflow the stack during a string copy (reported by Mu Security)

........


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@40058 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Kevin P. Fleming
2006-08-16 18:58:43 +00:00
parent 7546de3d8e
commit e441faab72
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
channels/chan_mgcp.c
View File

@@ -2460,9 +2460,11 @@ static void handle_response(struct mgcp_endpoint *p, struct mgcp_subchannel *sub
if (strncasecmp(v, p->sub->cxident, len) && if (strncasecmp(v, p->sub->cxident, len) &&
strncasecmp(v, p->sub->next->cxident, len)) { strncasecmp(v, p->sub->next->cxident, len)) {
/* connection id not found. delete it */ /* connection id not found. delete it */
char cxident[80]; char cxident[80] = "";
memcpy(cxident, v, len);
cxident[len] = '\0'; if (len > (sizeof(cxident) - 1))
len = sizeof(cxident) - 1;
ast_copy_string(cxident, v, len);
if (option_verbose > 2) { if (option_verbose > 2) {
ast_verbose(VERBOSE_PREFIX_3 "Non existing connection id %s on %s@%s \n", ast_verbose(VERBOSE_PREFIX_3 "Non existing connection id %s on %s@%s \n",
cxident, p->name, gw->name); cxident, p->name, gw->name);