[asterisk-commits] tilghman: trunk r42356 - in /trunk: ./ apps/app_record.c

asterisk-commits at lists.digium.com asterisk-commits at lists.digium.com
Thu Sep 7 16:15:44 MST 2006


Author: tilghman
Date: Thu Sep  7 18:15:43 2006
New Revision: 42356

URL: http://svn.digium.com/view/asterisk?rev=42356&view=rev
Log:
Merged revisions 42355 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/branches/1.2

........
r42355 | tilghman | 2006-09-07 18:12:29 -0500 (Thu, 07 Sep 2006) | 2 lines

Format vulnerability fix - allowing the user to specify a format is not a good idea (Bug 7811)

........

Modified:
    trunk/   (props changed)
    trunk/apps/app_record.c

Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-1.2-merged' - no diff available.

Modified: trunk/apps/app_record.c
URL: http://svn.digium.com/view/asterisk/trunk/apps/app_record.c?rev=42356&r1=42355&r2=42356&view=diff
==============================================================================
--- trunk/apps/app_record.c (original)
+++ trunk/apps/app_record.c Thu Sep  7 18:15:43 2006
@@ -43,6 +43,7 @@
 #include "asterisk/dsp.h"
 #include "asterisk/utils.h"
 #include "asterisk/options.h"
+#include "asterisk/app.h"
 
 
 static char *app = "Record";
@@ -179,8 +180,34 @@
 	/* these are to allow the use of the %d in the config file for a wild card of sort to
 	  create a new file with the inputed name scheme */
 	if (percentflag) {
+		AST_DECLARE_APP_ARGS(fname,
+			AST_APP_ARG(piece)[100];
+		);
+		char *tmp2 = ast_strdupa(filename);
+		char countstring[15];
+		int i;
+
+		/* Separate each piece out by the format specifier */
+		AST_NONSTANDARD_APP_ARGS(fname, tmp2, '%');
 		do {
-			snprintf(tmp, sizeof(tmp), filename, count);
+			int tmplen;
+			/* First piece has no leading percent, so it's copied verbatim */
+			ast_copy_string(tmp, fname.piece[0], sizeof(tmp));
+			tmplen = strlen(tmp);
+			for (i = 1; i < fname.argc; i++) {
+				if (fname.piece[i][0] == 'd') {
+					/* Substitute the count */
+					snprintf(countstring, sizeof(countstring), "%d", count);
+					ast_copy_string(tmp + tmplen, countstring, sizeof(tmp) - tmplen);
+					tmplen += strlen(countstring);
+				} else if (tmplen + 2 < sizeof(tmp)) {
+					/* Unknown format specifier - just copy it verbatim */
+					tmp[tmplen++] = '%';
+					tmp[tmplen++] = fname.piece[i][0];
+				}
+				/* Copy the remaining portion of the piece */
+				ast_copy_string(tmp + tmplen, &(fname.piece[i][1]), sizeof(tmp) - tmplen);
+			}
 			count++;
 		} while ( ast_fileexists(tmp, ext, chan->language) != -1 );
 		pbx_builtin_setvar_helper(chan, "RECORDED_FILE", tmp);
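Review bot: `tmplen += strlen(countstring);` in the `%d` branch advances by the length of the source rather than by what `ast_copy_string` actually stored, so once `tmp` is nearly full `tmplen` can pass `sizeof(tmp)` and the later `sizeof(tmp) - tmplen` wraps to a huge unsigned size, turning the bounded copy into a write past the end of `tmp`. `tmplen` is also not advanced after the "remaining portion" copy, so with two or more specifiers the next piece overwrites that tail, and an empty piece (`%%`, or presumably a trailing `%`) makes the else branch store a NUL and then read `fname.piece[i][1]` past the piece's terminator. Advancing by `strlen(tmp + tmplen)` after each copy and handling the empty piece first keeps the offset inside the buffer. The declaration of `tmp` and any length limit on `filename` are outside this hunk, so whether the overflow is reachable in practice should be confirmed there.

```c
for (i = 1; i < fname.argc; i++) {
	if (fname.piece[i][0] == '\0') {
		/* "%%" or a trailing '%': keep the percent sign; there is no specifier or tail to copy */
		if (tmplen + 1 < sizeof(tmp)) {
			tmp[tmplen++] = '%';
			tmp[tmplen] = '\0';
		}
		continue;
	}
	if (fname.piece[i][0] == 'd') {
		/* ... unchanged: format count into countstring and copy it to tmp + tmplen ... */
		/* Advance by what was actually stored, so tmplen never passes the terminator */
		tmplen += strlen(tmp + tmplen);
	} else if (tmplen + 2 < sizeof(tmp)) {
		/* ... unchanged: copy '%' and the unknown specifier verbatim ... */
	}
	/* Copy the remaining portion of the piece */
	ast_copy_string(tmp + tmplen, &(fname.piece[i][1]), sizeof(tmp) - tmplen);
	tmplen += strlen(tmp + tmplen);
}
```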


