<p>George Joseph has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/7131">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun<br><br>cdr_object_update_party_b_userfield_cb() could overrun the fixed buffer if<br>the supplied string is too long.  The long string could be supplied by<br>external means using the CDR(userfield) function.<br><br>This may seem reminiscent to AST-2017-001 (ASTERISK_26897) and it is.  The<br>earlier patch fixed the buffer overrun for Party A's userfield while this<br>patch fixes the same thing for Party B's userfield.<br><br>ASTERISK-27337<br><br>Change-Id: I0fa767f65ecec7e676ca465306ff9e0edbf3b652<br>---<br>M main/cdr.c<br>1 file changed, 4 insertions(+), 2 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/31/7131/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/main/cdr.c b/main/cdr.c<br>index fdf7645..3681cdc 100644<br>--- a/main/cdr.c<br>+++ b/main/cdr.c<br>@@ -3407,7 +3407,8 @@<br>          ast_assert(cdr->party_b.snapshot<br>                   && !strcasecmp(cdr->party_b.snapshot->name, info->channel_name));<br> <br>-                strcpy(cdr->party_b.userfield, info->userfield);<br>+               ast_copy_string(cdr->party_b.userfield, info->userfield,<br>+                       sizeof(cdr->party_b.userfield));<br>   }<br> <br>  return 0;<br>@@ -3430,7 +3431,8 @@<br>                      if (it_cdr->fn_table == &finalized_state_fn_table && it_cdr->next != NULL) {<br>                                continue;<br>                     }<br>-                    ast_copy_string(it_cdr->party_a.userfield, userfield, AST_MAX_USER_FIELD);<br>+                        ast_copy_string(it_cdr->party_a.userfield, userfield,<br>+                    
         sizeof(it_cdr->party_a.userfield));<br>                }<br>             ao2_unlock(cdr);<br>      }<br></pre>
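<p>Review bot: in the first hunk (@@ -3407), the new bound sizeof(cdr->party_b.userfield) is only correct while userfield is a char array member of the party structure; if that field ever becomes a pointer, this call still compiles and silently copies at most pointer-size bytes. A short comment at the call, or a compile-time check next to the structure definition, would guard against that. Also note that an over-long value set through CDR(userfield) is now truncated with no indication to the caller; if truncation is the intended behaviour, say so in the commit message or the function's documentation.</p>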
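<p>Review bot: the second hunk (@@ -3430) touches the Party A copy, which the commit message describes as already fixed by the earlier AST-2017-001 patch, so the message should state that replacing AST_MAX_USER_FIELD with sizeof(it_cdr->party_a.userfield) is a consistency change and not part of the Party B overrun fix. If party_a.userfield is not declared with exactly AST_MAX_USER_FIELD bytes, this hunk does change behaviour and that deserves its own line in the message.</p>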

<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 15 </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: I0fa767f65ecec7e676ca465306ff9e0edbf3b652 </div>
<div style="display:none"> Gerrit-Change-Number: 7131 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: George Joseph &lt;gjoseph@digium.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Richard Mudgett &lt;rmudgett@digium.com&gt; </div>