[Asterisk-code-review] CDR: Protect from data overflow in ast cdr setuserfield. (asterisk[certified/13.13])

Joshua Colp asteriskteam at digium.com
Tue Apr 4 06:19:12 CDT 2017


Joshua Colp has submitted this change and it was merged. ( https://gerrit.asterisk.org/5391 )

Change subject: CDR: Protect from data overflow in ast_cdr_setuserfield.
......................................................................


CDR: Protect from data overflow in ast_cdr_setuserfield.

ast_cdr_setuserfield wrote to a fixed length field using strcpy. This could
result in a buffer overrun when called from chan_sip or func_cdr. This patch
adds a maximum bytes written to the field by using ast_copy_string instead.

ASTERISK-26897 #close
patches:
  0001-CDR-Protect-from-data-overflow-in-ast_cdr_setuserfie.patch submitted
    by Corey Farrell (license #5909)

Change-Id: Ib23ca77e9b9e2803a450e1206af45df2d2fdf65c
---
M main/cdr.c
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Joshua Colp: Looks good to me, approved; Verified



diff --git a/main/cdr.c b/main/cdr.c
index 5e515d8..09355a1 100644
--- a/main/cdr.c
+++ b/main/cdr.c
@@ -3254,7 +3254,7 @@
 			if (it_cdr->fn_table == &finalized_state_fn_table) {
 				continue;
 			}
-			strcpy(it_cdr->party_a.userfield, userfield);
+			ast_copy_string(it_cdr->party_a.userfield, userfield, AST_MAX_USER_FIELD);
 		}
 		ao2_unlock(cdr);
 	}

-- 
To view, visit https://gerrit.asterisk.org/5391
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ib23ca77e9b9e2803a450e1206af45df2d2fdf65c
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: certified/13.13
Gerrit-Owner: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Corey Farrell <git at cfware.com>
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>



More information about the asterisk-code-review mailing list