[asterisk-commits] russell: branch 1.4 r108469 - /branches/1.4/apps/app_followme.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Thu Mar 13 15:26:29 CDT 2008


Author: russell
Date: Thu Mar 13 15:26:28 2008
New Revision: 108469

URL: http://svn.digium.com/view/asterisk?view=rev&rev=108469
Log:
Fix a couple uses of sprintf.  The second one could actually cause an overflow
of a stack buffer.  It's not a security issue though, it only depends on your
configuration.

Modified:
    branches/1.4/apps/app_followme.c

Modified: branches/1.4/apps/app_followme.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/apps/app_followme.c?view=diff&rev=108469&r1=108468&r2=108469
==============================================================================
--- branches/1.4/apps/app_followme.c (original)
+++ branches/1.4/apps/app_followme.c Thu Mar 13 15:26:28 2008
@@ -818,9 +818,9 @@
 			}
 
 			if (!strcmp(tpargs->context, ""))
-				sprintf(dialarg, "%s", number);
+				snprintf(dialarg, sizeof(dialarg), "%s", number);
 			else
-				sprintf(dialarg, "%s@%s", number, tpargs->context);
+				snprintf(dialarg, sizeof(dialarg), "%s@%s", number, tpargs->context);
 					
 			tmpuser = ast_calloc(1, sizeof(*tmpuser));
 			if (!tmpuser) {




More information about the asterisk-commits mailing list