[asterisk-commits] mmichelson: branch 1.6.0 r174820 - in /branches/1.6.0: ./ apps/app_chanspy.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Tue Feb 10 17:20:28 CST 2009 

Author: mmichelson
Date: Tue Feb 10 17:20:27 2009
New Revision: 174820

URL: http://svn.digium.com/svn-view/asterisk?view=rev&rev=174820
Log:
Merged revisions 174805 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/trunk

........
r174805 | mmichelson | 2009-02-10 17:17:03 -0600 (Tue, 10 Feb 2009) | 11 lines

Fix potential for stack overflows in app_chanspy.c

When using the 'g' or 'e' options, the stack allocations that
were used could cause a stack overflow if a spyer stayed on the
line long enough without actually successfully spying on anyone.

The problem has been corrected by using static buffers and copying
the contents of the appropriate strings into them instead of using
functions like alloca or ast_strdupa


........

Modified:
    branches/1.6.0/   (props changed)
    branches/1.6.0/apps/app_chanspy.c

Propchange: branches/1.6.0/
------------------------------------------------------------------------------
Binary property 'trunk-merged' - no diff available.

Modified: branches/1.6.0/apps/app_chanspy.c
URL: http://svn.digium.com/svn-view/asterisk/branches/1.6.0/apps/app_chanspy.c?view=diff&rev=174820&r1=174819&r2=174820
==============================================================================
--- branches/1.6.0/apps/app_chanspy.c (original)
+++ branches/1.6.0/apps/app_chanspy.c Tue Feb 10 17:20:27 2009
@@ -613,18 +613,9 @@
 			 chanspy_ds_free(peer_chanspy_ds), prev = peer,
 		     peer_chanspy_ds = next_chanspy_ds ? next_chanspy_ds : 
 			 	next_channel(chan, prev, spec, exten, context, &chanspy_ds), next_chanspy_ds = NULL) {
-			const char *group;
 			int igrp = !mygroup;
-			char *groups[25];
-			int num_groups = 0;
-			char dup_group[512];
-			int x;
+			int ienf = !myenforced;
 			char *s;
-			char *buffer;
-			char *end;
-			char *ext;
-			char *form_enforced;
-			int ienf = !myenforced;
 
 			peer = peer_chanspy_ds->chan;
 
@@ -653,6 +644,11 @@
 			}
 
 			if (mygroup) {
+				int num_groups = 0;
+				char dup_group[512];
+				char *groups[25];
+				const char *group;
+				int x;
 				if ((group = pbx_builtin_getvar_helper(peer, "SPYGROUP"))) {
 					ast_copy_string(dup_group, group, sizeof(dup_group));
 					num_groups = ast_app_separate_args(dup_group, ':', groups,
@@ -673,35 +669,28 @@
 			}
 
 			if (myenforced) {
-
-				/* We don't need to allocate more space than just the
-				length of (peer->name) for ext as we will cut the
-				channel name's ending before copying into ext */
-
-				ext = alloca(strlen(peer->name));
-
-				form_enforced = alloca(strlen(myenforced) + 3);
-
-				strcpy(form_enforced, ":");
-				strcat(form_enforced, myenforced);
-				strcat(form_enforced, ":");
-
-				buffer = ast_strdupa(peer->name);
-				
-				if ((end = strchr(buffer, '-'))) {
+				char ext[AST_CHANNEL_NAME + 3];
+				char buffer[512];
+				char *end;
+
+				snprintf(buffer, sizeof(buffer) - 1, ":%s:", myenforced);
+
+				ast_copy_string(ext + 1, peer->name, sizeof(ext) - 1);
+				if ((end = strchr(ext, '-'))) {
 					*end++ = ':';
 					*end = '\0';
 				}
 
-				strcpy(ext, ":");
-				strcat(ext, buffer);
-
-				if (strcasestr(form_enforced, ext))
+				ext[0] = ':';
+
+				if (strcasestr(buffer, ext)) {
 					ienf = 1;
-			}
-
-			if (!ienf)
+				}
+			}
+
+			if (!ienf) {
 				continue;
+			}
 
 			strcpy(peer_name, "spy-");
 			strncat(peer_name, peer->name, AST_NAME_STRLEN - 4 - 1);

More information about the asterisk-commits mailing list