[asterisk-bugs] [Asterisk 0011958]: ast_print_group misuses strncat

noreply at bugs.digium.com noreply at bugs.digium.com
Fri Mar 7 00:56:19 CST 2008


The following issue has been ASSIGNED. 
====================================================================== 
http://bugs.digium.com/view.php?id=11958 
====================================================================== 
Reported By:                norman
Assigned To:                Corydon76
====================================================================== 
Project:                    Asterisk
Issue ID:                   11958
Category:                   Channels/General
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     closed
Asterisk Version:           1.4.18 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
Resolution:                 fixed
Fixed in Version:           
====================================================================== 
Date Submitted:             02-08-2008 19:23 CST
Last Modified:              03-07-2008 00:56 CST
====================================================================== 
Summary:                    ast_print_group misuses strncat
Description: 
ast_print_group does things like this:

strncat(buf, ", ", buflen);
strncat(buf, num, buflen);

However, strncat can write size+1 bytes (for the trailing \0.) Callers
pass in sizeof(buf), which could cause a one-byte buffer overflow.
====================================================================== 

---------------------------------------------------------------------- 
 Corydon76 - 03-07-08 00:56  
---------------------------------------------------------------------- 
There.  It'll be in 1.4.19 now. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
03-07-08 00:56  Corydon76      Note Added: 0083581                          
03-07-08 00:56  Corydon76      Assigned To              crich => Corydon76  
03-07-08 00:56  Corydon76      View Status              private => public   
======================================================================
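
The strncat bound described in the report, as an added example (not Asterisk code and not part of the original report): strncat's third argument limits the bytes taken from the source, not the size of the destination, so the bound has to be the space still free minus one for the NUL. The helper names and the sample buffer are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Offset one past the last byte strncat(buf, src, n) writes, counting the
 * terminating NUL: strlen(buf) + min(strlen(src), n) + 1. Computed rather
 * than executed, so the misuse can be measured without overflowing. */
static size_t strncat_end(const char *buf, const char *src, size_t n)
{
    size_t add = strlen(src);
    if (add > n)
        add = n;
    return strlen(buf) + add + 1;
}

/* Bounded append: pass strncat the space still free, minus one for the NUL.
 * Assumes buf is NUL-terminated within buflen. Returns 1 if all of src fit,
 * 0 if it was truncated. */
static int append_bounded(char *buf, size_t buflen, const char *src)
{
    size_t used = strlen(buf);
    size_t room = (used + 1 < buflen) ? buflen - used - 1 : 0;
    strncat(buf, src, room);
    return strlen(src) <= room;
}

int main(void)
{
    char buf[8] = "1, 2, 3";   /* constructed sample: 7 chars + NUL, full */

    /* Pattern from the report, strncat(buf, ", ", sizeof(buf)): measured only */
    printf("misuse would end at offset %zu of %zu\n",
           strncat_end(buf, ", ", sizeof(buf)), sizeof(buf));

    /* Corrected bound: nothing is written past the buffer */
    int ok = append_bounded(buf, sizeof(buf), ", ");
    printf("bounded append: fit=%d buf=\"%s\"\n", ok, buf);
    return 0;
}
```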