[Asterisk-code-review] AST-2017-010: Fix cdr object update party b userfield cb() b... (asterisk[15.1])

George Joseph asteriskteam at digium.com
Wed Nov 8 08:27:07 CST 2017


George Joseph has submitted this change and it was merged. ( https://gerrit.asterisk.org/7132 )

Change subject: AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun
......................................................................

AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun

cdr_object_update_party_b_userfield_cb() could overrun the fixed buffer if
the supplied string is too long.  The long string could be supplied by
external means using the CDR(userfield) function.

This may seem reminiscent to AST-2017-001 (ASTERISK_26897) and it is.  The
earlier patch fixed the buffer overrun for Party A's userfield while this
patch fixes the same thing for Party B's userfield.

ASTERISK-27337

Change-Id: I0fa767f65ecec7e676ca465306ff9e0edbf3b652
---
M main/cdr.c
1 file changed, 4 insertions(+), 2 deletions(-)

Approvals:
  Jenkins2: Verified
  Joshua Colp: Looks good to me, but someone else must approve
  George Joseph: Looks good to me, approved; Approved for Submit



diff --git a/main/cdr.c b/main/cdr.c
index d34503d..d9fbaf4 100644
--- a/main/cdr.c
+++ b/main/cdr.c
@@ -3252,7 +3252,8 @@
 		}
 		if (it_cdr->party_b.snapshot
 			&& !strcasecmp(it_cdr->party_b.snapshot->name, info->channel_name)) {
-			strcpy(it_cdr->party_b.userfield, info->userfield);
+			ast_copy_string(it_cdr->party_b.userfield, info->userfield,
+				sizeof(it_cdr->party_b.userfield));
 		}
 	}
 	return 0;
@@ -3275,7 +3276,8 @@
 			if (it_cdr->fn_table == &finalized_state_fn_table && it_cdr->next != NULL) {
 				continue;
 			}
-			ast_copy_string(it_cdr->party_a.userfield, userfield, AST_MAX_USER_FIELD);
+			ast_copy_string(it_cdr->party_a.userfield, userfield,
+				sizeof(it_cdr->party_a.userfield));
 		}
 		ao2_unlock(cdr);
 	}

-- 
To view, visit https://gerrit.asterisk.org/7132
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 15.1
Gerrit-MessageType: merged
Gerrit-Change-Id: I0fa767f65ecec7e676ca465306ff9e0edbf3b652
Gerrit-Change-Number: 7132
Gerrit-PatchSet: 1
Gerrit-Owner: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20171108/65dde639/attachment.html>


More information about the asterisk-code-review mailing list