kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-22 13:25:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

check bounds - prevents for buffer overflow

Browse Source 
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@221153 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Matthias Nick
2009-09-30 15:37:39 +00:00
parent 96564de25e
commit e66c485660
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
funcs/func_strings.c
View File

@@ -384,6 +384,12 @@ static struct ast_custom_function sprintf_function = {
static int quote(struct ast_channel *chan, char *cmd, char *data, char *buf, size_t len) static int quote(struct ast_channel *chan, char *cmd, char *data, char *buf, size_t len)
{ {
char *bufptr = buf, *dataptr = data; char *bufptr = buf, *dataptr = data;
if (len < 3){ /* at least two for quotes and one for binary zero */
ast_log(LOG_ERROR, "Not enough buffer");
return -1;
}
if (ast_strlen_zero(data)) { if (ast_strlen_zero(data)) {
ast_log(LOG_WARNING, "No argument specified!\n"); ast_log(LOG_WARNING, "No argument specified!\n");
ast_copy_string(buf, "\"\"", len); ast_copy_string(buf, "\"\"", len);
@@ -391,7 +397,7 @@ static int quote(struct ast_channel *chan, char *cmd, char *data, char *buf, siz
} }
*bufptr++ = '"'; *bufptr++ = '"';
for (; bufptr < buf + len - 1; dataptr++) { for (; bufptr < buf + len - 3; dataptr++) {
if (*dataptr == '\\') { if (*dataptr == '\\') {
*bufptr++ = '\\'; *bufptr++ = '\\';
*bufptr++ = '\\'; *bufptr++ = '\\';