[asterisk-commits] russell: trunk r84371 - in /trunk: ./ channels/chan_sip.c

Tue Oct 2 09:13:28 CDT 2007

Author: russell
Date: Tue Oct  2 09:13:28 2007
New Revision: 84371

URL: http://svn.digium.com/view/asterisk?view=rev&rev=84371
Log:
Merged revisions 84370 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r84370 | russell | 2007-10-02 09:12:35 -0500 (Tue, 02 Oct 2007) | 6 lines

Use snprintf instead of sprintf in one place.  There is no vulnerability here
due to various buffer sizes around the code, but I still didn't like seeing a
non length-limited copy of data coming off of the wire into a stack buffer, as
this would be a problem in the future if buffer sizes elsewhere got changed or
size limitations removed ...

........

Modified:
    trunk/   (props changed)
    trunk/channels/chan_sip.c

Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-1.4-merged' - no diff available.

Modified: trunk/channels/chan_sip.c
URL: http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?view=diff&rev=84371&r1=84370&r2=84371
==============================================================================

--- trunk/channels/chan_sip.c (original)
+++ trunk/channels/chan_sip.c Tue Oct  2 09:13:28 2007
@@ -7737,7 +7737,7 @@
 			if (!ast_strlen_zero(p->refer->refer_to))
 				add_header(&req, "Refer-To", p->refer->refer_to);
 			if (!ast_strlen_zero(p->refer->referred_by)) {
-				sprintf(buf, "%s <%s>", p->refer->referred_by_name, p->refer->referred_by);
+				snprintf(buf, sizeof(buf), "%s <%s>", p->refer->referred_by_name, p->refer->referred_by);
 				add_header(&req, "Referred-By", buf);
 			}
 		}


