[asterisk-commits] kpfleming: trunk r40058 - in /trunk: ./ channels/chan_mgcp.c

asterisk-commits at lists.digium.com asterisk-commits at lists.digium.com
Wed Aug 16 11:58:44 MST 2006


Author: kpfleming
Date: Wed Aug 16 13:58:43 2006
New Revision: 40058

URL: http://svn.digium.com/view/asterisk?rev=40058&view=rev
Log:
Merged revisions 40057 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/branches/1.2

........
r40057 | kpfleming | 2006-08-16 13:57:44 -0500 (Wed, 16 Aug 2006) | 2 lines

don't allow AUEP responses to overflow the stack during a string copy (reported by Mu Security)

........

Modified:
    trunk/   (props changed)
    trunk/channels/chan_mgcp.c

Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-1.2-merged' - no diff available.

Modified: trunk/channels/chan_mgcp.c
URL: http://svn.digium.com/view/asterisk/trunk/channels/chan_mgcp.c?rev=40058&r1=40057&r2=40058&view=diff
==============================================================================
--- trunk/channels/chan_mgcp.c (original)
+++ trunk/channels/chan_mgcp.c Wed Aug 16 13:58:43 2006
@@ -2460,12 +2460,14 @@
 						if (strncasecmp(v, p->sub->cxident, len) &&
 						    strncasecmp(v, p->sub->next->cxident, len)) {
 							/* connection id not found. delete it */
-							char cxident[80];
-							memcpy(cxident, v, len);
-							cxident[len] = '\0';
+							char cxident[80] = "";
+
+							if (len > (sizeof(cxident) - 1))
+								len = sizeof(cxident) - 1;
+							ast_copy_string(cxident, v, len);
 							if (option_verbose > 2) {
 								ast_verbose(VERBOSE_PREFIX_3 "Non existing connection id %s on %s@%s \n", 
-									cxident, p->name, gw->name);
+									    cxident, p->name, gw->name);
 							}
 							transmit_connection_del_w_params(p, NULL, cxident);
 						}



More information about the asterisk-commits mailing list