[Asterisk-code-review] res pjsip dtmf info: NULL terminate the message body. (asterisk[13])

[Joshua Colp]

Joshua Colp has uploaded a new change for review.

  https://gerrit.asterisk.org/2349

Change subject: res_pjsip_dtmf_info: NULL terminate the message body.
......................................................................

res_pjsip_dtmf_info: NULL terminate the message body.

PJSIP does not ensure that when printing the message body the
buffer will be NULL terminated. This is problematic when searching
for the signal and duration values of the DTMF.

This change ensures the buffer is always NULL terminated.

Change-Id: I52653a1a60c93092d06af31a27408d569cc98968
---
M res/res_pjsip_dtmf_info.c
1 file changed, 8 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/49/2349/1

diff --git a/res/res_pjsip_dtmf_info.c b/res/res_pjsip_dtmf_info.c
index 7b52250..2cbee32 100644
--- a/res/res_pjsip_dtmf_info.c
+++ b/res/res_pjsip_dtmf_info.c
@@ -82,14 +82,13 @@
 static int dtmf_info_incoming_request(struct ast_sip_session *session, struct pjsip_rx_data *rdata)
 {
 	pjsip_msg_body *body = rdata->msg_info.msg->body;
-	char buf[body ? body->len : 0];
+	char buf[body ? body->len + 1 : 0];
 	char *cur = buf;
 	char *line;
-
 	char event = '\0';
 	unsigned int duration = 100;
-
 	char is_dtmf;
+	int res;
 
 	if (!session->channel) {
 		return 0;
@@ -107,7 +106,12 @@
 		return 0;
 	}
 
-	body->print_body(body, buf, body->len);
+	res = body->print_body(body, buf, body->len);
+	if (res < 0) {
+		send_response(session, rdata, 500);
+		return 0;
+	}
+	buf[res] = '\0';
 
 	if (is_dtmf) {
 		/* directly use what is in the message body */

-- 
To view, visit https://gerrit.asterisk.org/2349
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I52653a1a60c93092d06af31a27408d569cc98968
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: Joshua Colp <jcolp at digium.com>