[asterisk-commits] mmichelson: trunk r111662 - in /trunk: channels/ include/asterisk/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Fri Mar 28 11:37:00 CDT 2008 

Author: mmichelson
Date: Fri Mar 28 11:36:59 2008
New Revision: 111662

URL: http://svn.digium.com/view/asterisk?view=rev&rev=111662
Log:
The copy_request function did not take into account the necessary null terminator
for the string to be copied into. This resulted in parse_request reading invalid
memory beyond the end of the string, and in some cases led to crashes. Thanks
to falves11 for providing the valgrind output which led to the closure of this issue.

(closes issue #12284)
Reported by: falves11


Modified:
    trunk/channels/chan_sip.c
    trunk/include/asterisk/strings.h

Modified: trunk/channels/chan_sip.c
URL: http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?view=diff&rev=111662&r1=111661&r2=111662
==============================================================================
--- trunk/channels/chan_sip.c (original)
+++ trunk/channels/chan_sip.c Fri Mar 28 11:36:59 2008
@@ -8308,15 +8308,15 @@
 	if (!dst->data && !(dst->data = ast_str_create(src->data->used)))
 		return;
 	else if (dst->data->len < src->data->used)
-		ast_str_make_space(&dst->data, src->data->used);
+		ast_str_make_space(&dst->data, src->data->used + 1); /* Account for null terminator needed */
 		
-	memcpy(dst->data->str, src->data->str, src->data->used);
+	ast_copy_string(dst->data->str, src->data->str, dst->data->len);
 	dst->data->used = src->data->used;
 	offset = ((void *)dst->data->str) - ((void *)src->data->str);
 	/* Now fix pointer arithmetic */
-	for (x=0; x < src->headers; x++)
+	for (x = 0; x < src->headers; x++)
 		dst->header[x] += offset;
-	for (x=0; x < src->lines; x++)
+	for (x = 0; x < src->lines; x++)
 		dst->line[x] += offset;
 	/* On some occasions this function is called without parse_request being called first so lets not create an invalid pointer */
 	if (src->rlPart1)

Modified: trunk/include/asterisk/strings.h
URL: http://svn.digium.com/view/asterisk/trunk/include/asterisk/strings.h?view=diff&rev=111662&r1=111661&r2=111662
==============================================================================
--- trunk/include/asterisk/strings.h (original)
+++ trunk/include/asterisk/strings.h Fri Mar 28 11:36:59 2008
@@ -326,7 +326,7 @@
  */
 struct ast_str {
 	size_t len;	/*!< The current maximum length of the string */
-	size_t used;	/*!< Amount of space used */
+	size_t used;	/*!< Amount of space used. Does not include string's null terminator */
 	struct ast_threadstorage *ts;	/*!< What kind of storage is this ? */
 #define DS_MALLOC	((struct ast_threadstorage *)1)
 #define DS_ALLOCA	((struct ast_threadstorage *)2)

More information about the asterisk-commits mailing list