<p>George Joseph has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/7129">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun<br><br>cdr_object_update_party_b_userfield_cb() could overrun the fixed buffer if<br>the supplied string is too long.  The long string could be supplied by<br>external means using the CDR(userfield) function.<br><br>This may seem reminiscent to AST-2017-001 (ASTERISK_26897) and it is.  The<br>earlier patch fixed the buffer overrun for Party A's userfield while this<br>patch fixes the same thing for Party B's userfield.<br><br>ASTERISK-27337<br><br>Change-Id: I0fa767f65ecec7e676ca465306ff9e0edbf3b652<br>---<br>M main/cdr.c<br>1 file changed, 4 insertions(+), 2 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/29/7129/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/main/cdr.c b/main/cdr.c<br>index 06cadcd..723d92a 100644<br>--- a/main/cdr.c<br>+++ b/main/cdr.c<br>@@ -3255,7 +3255,8 @@<br>          }<br>             if (it_cdr->party_b.snapshot<br>                       && !strcasecmp(it_cdr->party_b.snapshot->name, info->channel_name)) {<br>-                       strcpy(it_cdr->party_b.userfield, info->userfield);<br>+                    ast_copy_string(it_cdr->party_b.userfield, info->userfield,<br>+                            sizeof(it_cdr->party_b.userfield));<br>                }<br>     }<br>     return 0;<br>@@ -3278,7 +3279,8 @@<br>                      if (it_cdr->fn_table == &finalized_state_fn_table && it_cdr->next != NULL) {<br>                                continue;<br>                     }<br>-                    ast_copy_string(it_cdr->party_a.userfield, userfield, AST_MAX_USER_FIELD);<br>+                        
ast_copy_string(it_cdr->party_a.userfield, userfield,<br>+                             sizeof(it_cdr->party_a.userfield));<br>                }<br>             ao2_unlock(cdr);<br>      }<br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/7129">change 7129</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/7129"/><meta itemprop="name" content="View Change"/></div></div>
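Review bot: in the first hunk (@@ -3255,7 +3255,8 @@), the new ast_copy_string() call in the party_b branch silently truncates an over-long info->userfield. A value set through CDR(userfield) that exceeds the buffer is shortened with no indication to whoever supplied it. Consider logging a warning where the value is accepted, or documenting the length limit for CDR(userfield). Also, the sizeof(it_cdr->party_b.userfield) bound is only correct if userfield is declared as a char array in the party structure. The declaration is not visible in this hunk, so please confirm it is not a pointer.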
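Review bot: in the second hunk (@@ -3278,7 +3279,8 @@), the party_a change from AST_MAX_USER_FIELD to sizeof(it_cdr->party_a.userfield) is not mentioned in the commit message, which describes only the Party B overrun. If this is a consistency cleanup with no behaviour change, say so in the message so that anyone backporting the fix does not read it as a second security change. If the array size can differ from AST_MAX_USER_FIELD, that needs its own explanation.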

<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 14 </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: I0fa767f65ecec7e676ca465306ff9e0edbf3b652 </div>
<div style="display:none"> Gerrit-Change-Number: 7129 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: George Joseph <gjoseph@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Richard Mudgett <rmudgett@digium.com> </div>