[asterisk-commits] tilghman: branch 1.2 r42355 -
/branches/1.2/apps/app_record.c
asterisk-commits at lists.digium.com
asterisk-commits at lists.digium.com
Thu Sep 7 16:12:30 MST 2006
Author: tilghman
Date: Thu Sep 7 18:12:29 2006
New Revision: 42355
URL: http://svn.digium.com/view/asterisk?rev=42355&view=rev
Log:
Format vulnerability fix - allowing the user to specify a format is not a good idea (Bug 7811)
Modified:
branches/1.2/apps/app_record.c
Modified: branches/1.2/apps/app_record.c
URL: http://svn.digium.com/view/asterisk/branches/1.2/apps/app_record.c?rev=42355&r1=42354&r2=42355&view=diff
==============================================================================
--- branches/1.2/apps/app_record.c (original)
+++ branches/1.2/apps/app_record.c Thu Sep 7 18:12:29 2006
@@ -41,6 +41,7 @@
#include "asterisk/dsp.h"
#include "asterisk/utils.h"
#include "asterisk/options.h"
+#include "asterisk/app.h"
static char *tdesc = "Trivial Record Application";
@@ -183,8 +184,35 @@
/* these are to allow the use of the %d in the config file for a wild card of sort to
create a new file with the inputed name scheme */
if (percentflag) {
+ AST_DECLARE_APP_ARGS(fname,
+ AST_APP_ARG(piece)[100];
+ );
+ char *tmp2 = ast_strdupa(filename);
+ char countstring[15];
+ int i;
+
+ /* Separate each piece out by the format specifier */
+ /* AST_NONSTANDARD_APP_ARGS(fname, tmp2, '%'); */
+ fname.argc = ast_app_separate_args(tmp2, '%', fname.argv, (sizeof(fname) - sizeof(fname.argc)) / sizeof(fname.argv[0]));
do {
- snprintf(tmp, sizeof(tmp), filename, count);
+ int tmplen;
+ /* First piece has no leading percent, so it's copied verbatim */
+ ast_copy_string(tmp, fname.piece[0], sizeof(tmp));
+ tmplen = strlen(tmp);
+ for (i = 1; i < fname.argc; i++) {
+ if (fname.piece[i][0] == 'd') {
+ /* Substitute the count */
+ snprintf(countstring, sizeof(countstring), "%d", count);
+ ast_copy_string(tmp + tmplen, countstring, sizeof(tmp) - tmplen);
+ tmplen += strlen(countstring);
+ } else if (tmplen + 2 < sizeof(tmp)) {
+ /* Unknown format specifier - just copy it verbatim */
+ tmp[tmplen++] = '%';
+ tmp[tmplen++] = fname.piece[i][0];
+ }
+ /* Copy the remaining portion of the piece */
+ ast_copy_string(tmp + tmplen, &(fname.piece[i][1]), sizeof(tmp) - tmplen);
+ }
count++;
} while ( ast_fileexists(tmp, ext, chan->language) != -1 );
pbx_builtin_setvar_helper(chan, "RECORDED_FILE", tmp);
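Review bot: `tmplen` stops tracking the real length of `tmp` inside the `for` loop: it is advanced by `strlen(countstring)` even when `ast_copy_string` truncated the count, and it is not advanced at all after the final "Copy the remaining portion" call. The first means that with a filename close to the size of `tmp` (declared outside this hunk) `sizeof(tmp) - tmplen` can reach zero or wrap to a very large unsigned value, so the following `ast_copy_string` is no longer bounded by the buffer; the second means a name with two specifiers loses the text between them, because the next iteration writes over it. Both go away if the length is taken from what was actually stored: use `tmplen += strlen(tmp + tmplen);` in place of `tmplen += strlen(countstring);` and add the same line after the last `ast_copy_string` in the loop body. It may also be worth checking whether `ast_app_separate_args` can return an empty piece for a trailing `%`, since `&(fname.piece[i][1])` would then point past that piece's terminator. The enclosing `if (percentflag)` block and its function continue outside the hunk.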