[asterisk-commits] tilghman: branch 1.6.0 r106554 - in /branches/1.6.0: ./ apps/ channels/ funcs...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Fri Mar 7 00:57:44 CST 2008


Author: tilghman
Date: Fri Mar  7 00:57:44 2008
New Revision: 106554

URL: http://svn.digium.com/view/asterisk?view=rev&rev=106554
Log:
Merged revisions 106553 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/trunk

................
r106553 | tilghman | 2008-03-07 00:54:47 -0600 (Fri, 07 Mar 2008) | 14 lines

Merged revisions 106552 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r106552 | tilghman | 2008-03-07 00:36:33 -0600 (Fri, 07 Mar 2008) | 6 lines

Safely use the strncat() function.
(closes issue #11958)
 Reported by: norman
 Patches: 
       20080209__bug11958.diff.txt uploaded by Corydon76 (license 14)

........

................

Modified:
    branches/1.6.0/   (props changed)
    branches/1.6.0/apps/app_chanspy.c
    branches/1.6.0/apps/app_rpt.c
    branches/1.6.0/apps/app_speech_utils.c
    branches/1.6.0/apps/app_voicemail.c
    branches/1.6.0/channels/chan_misdn.c
    branches/1.6.0/channels/chan_sip.c
    branches/1.6.0/funcs/func_enum.c
    branches/1.6.0/funcs/func_odbc.c
    branches/1.6.0/funcs/func_strings.c
    branches/1.6.0/main/asterisk.c
    branches/1.6.0/main/channel.c
    branches/1.6.0/main/frame.c
    branches/1.6.0/utils/extconf.c

Propchange: branches/1.6.0/
------------------------------------------------------------------------------
--- trunk-merged (original)
+++ trunk-merged Fri Mar  7 00:57:44 2008
@@ -1,1 +1,1 @@
-/trunk:1-105595,105675,105677,105733-105734,105773,105785,105804,105840-105841,105864,105899,105933,106036,106040,106139,106186,106238-106239,106329,106346,106399,106438-106439,106501,106507,106518
+/trunk:1-105595,105675,105677,105733-105734,105773,105785,105804,105840-105841,105864,105899,105933,106036,106040,106139,106186,106238-106239,106329,106346,106399,106438-106439,106501,106507,106518,106553

Modified: branches/1.6.0/apps/app_chanspy.c
URL: http://svn.digium.com/view/asterisk/branches/1.6.0/apps/app_chanspy.c?view=diff&rev=106554&r1=106553&r2=106554
==============================================================================
--- branches/1.6.0/apps/app_chanspy.c (original)
+++ branches/1.6.0/apps/app_chanspy.c Fri Mar  7 00:57:44 2008
@@ -682,7 +682,7 @@
 				continue;
 
 			strcpy(peer_name, "spy-");
-			strncat(peer_name, peer->name, AST_NAME_STRLEN);
+			strncat(peer_name, peer->name, AST_NAME_STRLEN - 4 - 1);
 			ptr = strchr(peer_name, '/');
 			*ptr++ = '\0';
 

Modified: branches/1.6.0/apps/app_rpt.c
URL: http://svn.digium.com/view/asterisk/branches/1.6.0/apps/app_rpt.c?view=diff&rev=106554&r1=106553&r2=106554
==============================================================================
--- branches/1.6.0/apps/app_rpt.c (original)
+++ branches/1.6.0/apps/app_rpt.c Fri Mar  7 00:57:44 2008
@@ -3321,7 +3321,7 @@
 		return DC_ERROR;
 	}
 	myrpt->macrotimer = MACROTIME;
-	strncat(myrpt->macrobuf, val, sizeof(myrpt->macrobuf) - 1);
+	strncat(myrpt->macrobuf, val, sizeof(myrpt->macrobuf) - strlen(myrpt->macrobuf) - 1);
 	rpt_mutex_unlock(&myrpt->lock);
 	return DC_COMPLETE;	
 }
@@ -3369,7 +3369,7 @@
 		return DC_ERROR;
 	}
 	myrpt->gosubtimer = GOSUBTIME;
-	strncat(myrpt->gosubbuf, val, sizeof(myrpt->gosubbuf) - 1);
+	strncat(myrpt->gosubbuf, val, sizeof(myrpt->gosubbuf) - strlen(myrpt->gosubbuf) - 1);
 	rpt_mutex_unlock(&myrpt->lock);
 	return DC_COMPLETE;	
 }

Modified: branches/1.6.0/apps/app_speech_utils.c
URL: http://svn.digium.com/view/asterisk/branches/1.6.0/apps/app_speech_utils.c?view=diff&rev=106554&r1=106553&r2=106554
==============================================================================
--- branches/1.6.0/apps/app_speech_utils.c (original)
+++ branches/1.6.0/apps/app_speech_utils.c Fri Mar  7 00:57:44 2008
@@ -696,7 +696,7 @@
 					}
 					time(&start);
 					snprintf(tmp, sizeof(tmp), "%c", f->subclass);
-					strncat(dtmf, tmp, sizeof(dtmf));
+					strncat(dtmf, tmp, sizeof(dtmf) - strlen(dtmf) - 1);
 					/* If the maximum length of the DTMF has been reached, stop now */
 					if (max_dtmf_len && strlen(dtmf) == max_dtmf_len)
 						done = 1;

Modified: branches/1.6.0/apps/app_voicemail.c
URL: http://svn.digium.com/view/asterisk/branches/1.6.0/apps/app_voicemail.c?view=diff&rev=106554&r1=106553&r2=106554
==============================================================================
--- branches/1.6.0/apps/app_voicemail.c (original)
+++ branches/1.6.0/apps/app_voicemail.c Fri Mar  7 00:57:44 2008
@@ -4085,8 +4085,8 @@
 	make_file(msgfile, sizeof(msgfile), curdir, curmsg);
 	strcpy(textfile, msgfile);
 	strcpy(backup, msgfile);
-	strncat(textfile, ".txt", sizeof(textfile) - 1);
-	strncat(backup, "-bak", sizeof(backup) - 1);
+	strncat(textfile, ".txt", sizeof(textfile) - strlen(textfile) - 1);
+	strncat(backup, "-bak", sizeof(backup) - strlen(backup) - 1);
 
 	msg_cfg = ast_config_load(textfile, config_flags);
 

Modified: branches/1.6.0/channels/chan_misdn.c
URL: http://svn.digium.com/view/asterisk/branches/1.6.0/channels/chan_misdn.c?view=diff&rev=106554&r1=106553&r2=106554
==============================================================================
--- branches/1.6.0/channels/chan_misdn.c (original)
+++ branches/1.6.0/channels/chan_misdn.c Fri Mar  7 00:57:44 2008
@@ -2384,12 +2384,12 @@
 	switch (p->state ) {
 	case MISDN_CALLING:
 		if (strlen(bc->infos_pending) < sizeof(bc->infos_pending) - 1)
-			strncat(bc->infos_pending, buf, sizeof(bc->infos_pending) - 1);
+			strncat(bc->infos_pending, buf, sizeof(bc->infos_pending) - strlen(bc->infos_pending) - 1);
 		break;
 	case MISDN_CALLING_ACKNOWLEDGE:
 		ast_copy_string(bc->info_dad, buf, sizeof(bc->info_dad));
 		if (strlen(bc->dad) < sizeof(bc->dad) - 1)
-			strncat(bc->dad, buf, sizeof(bc->dad) - 1);
+			strncat(bc->dad, buf, sizeof(bc->dad) - strlen(bc->dad) - 1);
 		ast_copy_string(p->ast->exten, bc->dad, sizeof(p->ast->exten));
 		misdn_lib_send_event( bc, EVENT_INFORMATION);
 		break;
@@ -4112,7 +4112,7 @@
 				ast_copy_string(bc->info_dad, bc->keypad, sizeof(bc->info_dad));
 			}
 
-			strncat(bc->dad,bc->info_dad, sizeof(bc->dad) - 1);
+			strncat(bc->dad,bc->info_dad, sizeof(bc->dad) - strlen(bc->dad) - 1);
 			ast_copy_string(ch->ast->exten, bc->dad, sizeof(ch->ast->exten));
 
 			/* Check for Pickup Request first */
@@ -4186,7 +4186,7 @@
 			misdn_cfg_get(0, MISDN_GEN_APPEND_DIGITS2EXTEN, &digits, sizeof(digits));
 			if (ch->state != MISDN_CONNECTED ) {
 				if (digits) {
-					strncat(bc->dad, bc->info_dad, sizeof(bc->dad) - 1);
+					strncat(bc->dad, bc->info_dad, sizeof(bc->dad) - strlen(bc->dad) - 1);
 					ast_copy_string(ch->ast->exten, bc->dad, sizeof(ch->ast->exten));
 					ast_cdr_update(ch->ast);
 				}

Modified: branches/1.6.0/channels/chan_sip.c
URL: http://svn.digium.com/view/asterisk/branches/1.6.0/channels/chan_sip.c?view=diff&rev=106554&r1=106553&r2=106554
==============================================================================
--- branches/1.6.0/channels/chan_sip.c (original)
+++ branches/1.6.0/channels/chan_sip.c Fri Mar  7 00:57:44 2008
@@ -2208,7 +2208,7 @@
 				ast_mutex_unlock(req.socket.lock);
 			if (me->stop) 
 				 goto cleanup;
-			strncat(req.data, buf, sizeof(req.data) - req.len);
+			strncat(req.data, buf, sizeof(req.data) - req.len - 1);
 			req.len = strlen(req.data);
 		}
 		parse_copy(&reqcpy, &req);
@@ -2223,7 +2223,7 @@
 				if (me->stop)
 					goto cleanup;
 				cl -= strlen(buf);
-				strncat(req.data, buf, sizeof(req.data) - req.len);
+				strncat(req.data, buf, sizeof(req.data) - req.len - 1);
 				req.len = strlen(req.data);
 			}
 		}

Modified: branches/1.6.0/funcs/func_enum.c
URL: http://svn.digium.com/view/asterisk/branches/1.6.0/funcs/func_enum.c?view=diff&rev=106554&r1=106553&r2=106554
==============================================================================
--- branches/1.6.0/funcs/func_enum.c (original)
+++ branches/1.6.0/funcs/func_enum.c Fri Mar  7 00:57:44 2008
@@ -93,7 +93,7 @@
 	for (s = p = args.number; *s; s++) {
 		if (*s != '-') {
 			snprintf(tmp, sizeof(tmp), "%c", *s);
-			strncat(num, tmp, sizeof(num));
+			strncat(num, tmp, sizeof(num) - strlen(num) - 1);
 		}
 
 	}

Modified: branches/1.6.0/funcs/func_odbc.c
URL: http://svn.digium.com/view/asterisk/branches/1.6.0/funcs/func_odbc.c?view=diff&rev=106554&r1=106553&r2=106554
==============================================================================
--- branches/1.6.0/funcs/func_odbc.c (original)
+++ branches/1.6.0/funcs/func_odbc.c Fri Mar  7 00:57:44 2008
@@ -379,7 +379,7 @@
 				}
 
 				if (!ast_strlen_zero(colnames))
-					strncat(colnames, ",", sizeof(colnames) - 1);
+					strncat(colnames, ",", sizeof(colnames) - strlen(colnames) - 1);
 				namelen = strlen(colnames);
 
 				/* Copy data, encoding '\' and ',' for the argument parser */

Modified: branches/1.6.0/funcs/func_strings.c
URL: http://svn.digium.com/view/asterisk/branches/1.6.0/funcs/func_strings.c?view=diff&rev=106554&r1=106553&r2=106554
==============================================================================
--- branches/1.6.0/funcs/func_strings.c (original)
+++ branches/1.6.0/funcs/func_strings.c Fri Mar  7 00:57:44 2008
@@ -322,7 +322,7 @@
 	AST_LIST_TRAVERSE(&chan->varshead, newvar, entries) {
 		if (strncasecmp(prefix, ast_var_name(newvar), plen) == 0) {
 			/* Copy everything after the prefix */
-			strncat(buf, ast_var_name(newvar) + plen, len);
+			strncat(buf, ast_var_name(newvar) + plen, len - strlen(buf) - 1);
 			/* Trim the trailing ~ */
 			buf[strlen(buf) - 1] = ',';
 		}
@@ -387,8 +387,8 @@
 		for (i = 0; i < arg2.argc; i++) {
 			snprintf(varname, sizeof(varname), HASH_FORMAT, arg.hashname, arg2.col[i]);
 			varvalue = pbx_builtin_getvar_helper(chan, varname);
-			strncat(buf, varvalue, len);
-			strncat(buf, ",", len);
+			strncat(buf, varvalue, len - strlen(buf) - 1);
+			strncat(buf, ",", len - strlen(buf) - 1);
 		}
 
 		/* Strip trailing comma */

Modified: branches/1.6.0/main/asterisk.c
URL: http://svn.digium.com/view/asterisk/branches/1.6.0/main/asterisk.c?view=diff&rev=106554&r1=106553&r2=106554
==============================================================================
--- branches/1.6.0/main/asterisk.c (original)
+++ branches/1.6.0/main/asterisk.c Fri Mar  7 00:57:44 2008
@@ -2060,10 +2060,12 @@
 		if (color_used) {
 			/* Force colors back to normal at end */
 			term_color_code(term_code, COLOR_WHITE, COLOR_BLACK, sizeof(term_code));
-			if (strlen(term_code) > sizeof(prompt) - strlen(prompt))
-				strncat(prompt + sizeof(prompt) - strlen(term_code) - 1, term_code, strlen(term_code));
-			else
+			if (strlen(term_code) > sizeof(prompt) - strlen(prompt) - 1) {
+				ast_copy_string(prompt + sizeof(prompt) - strlen(term_code) - 1, term_code, strlen(term_code) + 1);
+			} else {
+				/* This looks wrong, but we've already checked the length of term_code to ensure it's safe */
 				strncat(p, term_code, sizeof(term_code));
+			}
 		}
 	} else if (remotehostname)
 		snprintf(prompt, sizeof(prompt), ASTERISK_PROMPT2, remotehostname);

Modified: branches/1.6.0/main/channel.c
URL: http://svn.digium.com/view/asterisk/branches/1.6.0/main/channel.c?view=diff&rev=106554&r1=106553&r2=106554
==============================================================================
--- branches/1.6.0/main/channel.c (original)
+++ branches/1.6.0/main/channel.c Fri Mar  7 00:57:44 2008
@@ -4774,12 +4774,12 @@
 	for (i = 0; i <= 63; i++) {	/* Max group is 63 */
 		if (group & ((ast_group_t) 1 << i)) {
 	   		if (!first) {
-				strncat(buf, ", ", buflen);
+				strncat(buf, ", ", buflen - strlen(buf) - 1);
 			} else {
 				first = 0;
 	  		}
 			snprintf(num, sizeof(num), "%u", i);
-			strncat(buf, num, buflen);
+			strncat(buf, num, buflen - strlen(buf) - 1);
 		}
 	}
 	return buf;

Modified: branches/1.6.0/main/frame.c
URL: http://svn.digium.com/view/asterisk/branches/1.6.0/main/frame.c?view=diff&rev=106554&r1=106553&r2=106554
==============================================================================
--- branches/1.6.0/main/frame.c (original)
+++ branches/1.6.0/main/frame.c Fri Mar  7 00:57:44 2008
@@ -992,16 +992,16 @@
 			slen = strlen(formatname);
 			if (slen > total_len)
 				break;
-			strncat(buf,formatname,total_len);
+			strncat(buf, formatname, total_len - 1); /* safe */
 			total_len -= slen;
 		}
 		if (total_len && x < 31 && ast_codec_pref_index(pref , x + 1)) {
-			strncat(buf,"|",total_len);
+			strncat(buf, "|", total_len - 1); /* safe */
 			total_len--;
 		}
 	}
 	if (total_len) {
-		strncat(buf,")",total_len);
+		strncat(buf, ")", total_len - 1); /* safe */
 		total_len--;
 	}
 

Modified: branches/1.6.0/utils/extconf.c
URL: http://svn.digium.com/view/asterisk/branches/1.6.0/utils/extconf.c?view=diff&rev=106554&r1=106553&r2=106554
==============================================================================
--- branches/1.6.0/utils/extconf.c (original)
+++ branches/1.6.0/utils/extconf.c Fri Mar  7 00:57:44 2008
@@ -476,7 +476,7 @@
 			return;
 		comment_buffer_size += CB_INCR+len+1;
 	}
-	strncat(comment_buffer,str,len);
+	strncat(comment_buffer,str,len); /* safe */
 	comment_buffer[cbl+len-1] = 0;
 }
 




More information about the asterisk-commits mailing list