[asterisk-bugs] [Asterisk 0011958]: ast_print_group misuses strncat
noreply at bugs.digium.com
Fri Mar 7 00:56:19 CST 2008
The following issue has been ASSIGNED.
======================================================================
http://bugs.digium.com/view.php?id=11958
======================================================================
Reported By: norman
Assigned To: Corydon76
======================================================================
Project: Asterisk
Issue ID: 11958
Category: Channels/General
Reproducibility: always
Severity: minor
Priority: normal
Status: closed
Asterisk Version: 1.4.18
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Disclaimer on File?: N/A
Request Review:
Resolution: fixed
Fixed in Version:
======================================================================
Date Submitted: 02-08-2008 19:23 CST
Last Modified: 03-07-2008 00:56 CST
======================================================================
Summary: ast_print_group misuses strncat
Description:
ast_print_group does things like this:
strncat(buf, ", ", buflen);
strncat(buf, num, buflen);
However, strncat can write size+1 bytes (for the trailing \0.) Callers
pass in sizeof(buf), which could cause a one-byte buffer overflow.
======================================================================
----------------------------------------------------------------------
Corydon76 - 03-07-08 00:56
----------------------------------------------------------------------
There. It'll be in 1.4.19 now.
Issue History
Date Modified   Username   Field                 Change
======================================================================
03-07-08 00:56  Corydon76  Note Added: 0083581
03-07-08 00:56  Corydon76  Assigned To           crich => Corydon76
03-07-08 00:56  Corydon76  View Status           private => public
======================================================================
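An added example, not part of the original report and not Asterisk's code: the size argument of strncat limits the bytes copied from the source, so a bounded append passes the room left after the existing string, minus one byte for the terminator. All function names and the group printer below are hypothetical stand-ins, and the buffer contents are constructed.

```c
#include <stdio.h>
#include <string.h>

/* One past the last offset strncat(dst, src, n) writes: it copies at most
 * n bytes of src after the existing string, then always adds a '\0'. */
static size_t strncat_write_end(size_t dst_len, size_t src_len, size_t n)
{
    size_t copied = src_len < n ? src_len : n;
    return dst_len + copied + 1;
}

/* Append src, passing strncat the room that is left rather than the total
 * size. Returns 0 on success, -1 if src was truncated or buf is unterminated. */
static int append_bounded(char *buf, size_t buflen, const char *src)
{
    const char *end = memchr(buf, '\0', buflen);
    if (!end) return -1;
    size_t room = buflen - (size_t)(end - buf) - 1; /* keep a byte for '\0' */
    strncat(buf, src, room);
    return strlen(src) > room ? -1 : 0;
}

/* Hypothetical group printer: lists the set bits of a mask as "1, 2, 3". */
static int print_group_bounded(char *buf, size_t buflen, unsigned long long group)
{
    char num[12];
    int truncated = 0, first = 1;
    if (buflen == 0) return -1;
    buf[0] = '\0';
    for (unsigned i = 0; i < 64; i++) {
        if (!(group & (1ULL << i))) continue;
        if (!first)
            truncated |= append_bounded(buf, buflen, ", ");
        first = 0;
        snprintf(num, sizeof(num), "%u", i);
        truncated |= append_bounded(buf, buflen, num);
    }
    return truncated ? -1 : 0;
}

int main(void)
{
    char area[9];                      /* constructed: 8-byte buffer + guard byte */
    area[8] = 0x5A;
    int rc = print_group_bounded(area, 8, 0x1EULL);   /* bits 1..4 set */
    printf("rc=%d buf=\"%s\" guard=%s\n", rc, area, area[8] == 0x5A ? "ok" : "hit");
    printf("unbounded end offset: %zu of 8\n", strncat_write_end(strlen(area), 2, 8));
    return 0;
}
```

The -1 return lets a caller detect truncation instead of silently using a shortened list.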