[asterisk-commits] mmichelson: branch 1.6.0 r174820 - in /branches/1.6.0: ./ apps/app_chanspy.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Tue Feb 10 17:20:28 CST 2009
Author: mmichelson
Date: Tue Feb 10 17:20:27 2009
New Revision: 174820
URL: http://svn.digium.com/svn-view/asterisk?view=rev&rev=174820
Log:
Merged revisions 174805 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk
........
r174805 | mmichelson | 2009-02-10 17:17:03 -0600 (Tue, 10 Feb 2009) | 11 lines
Fix potential for stack overflows in app_chanspy.c
When using the 'g' or 'e' options, the stack allocations that
were used could cause a stack overflow if a spyer stayed on the
line long enough without actually successfully spying on anyone.
The problem has been corrected by using static buffers and copying
the contents of the appropriate strings into them instead of using
functions like alloca or ast_strdupa
........
Modified:
branches/1.6.0/ (props changed)
branches/1.6.0/apps/app_chanspy.c
Propchange: branches/1.6.0/
------------------------------------------------------------------------------
Binary property 'trunk-merged' - no diff available.
Modified: branches/1.6.0/apps/app_chanspy.c
URL: http://svn.digium.com/svn-view/asterisk/branches/1.6.0/apps/app_chanspy.c?view=diff&rev=174820&r1=174819&r2=174820
==============================================================================
--- branches/1.6.0/apps/app_chanspy.c (original)
+++ branches/1.6.0/apps/app_chanspy.c Tue Feb 10 17:20:27 2009
@@ -613,18 +613,9 @@
chanspy_ds_free(peer_chanspy_ds), prev = peer,
peer_chanspy_ds = next_chanspy_ds ? next_chanspy_ds :
next_channel(chan, prev, spec, exten, context, &chanspy_ds), next_chanspy_ds = NULL) {
- const char *group;
int igrp = !mygroup;
- char *groups[25];
- int num_groups = 0;
- char dup_group[512];
- int x;
+ int ienf = !myenforced;
char *s;
- char *buffer;
- char *end;
- char *ext;
- char *form_enforced;
- int ienf = !myenforced;
peer = peer_chanspy_ds->chan;
@@ -653,6 +644,11 @@
}
if (mygroup) {
+ int num_groups = 0;
+ char dup_group[512];
+ char *groups[25];
+ const char *group;
+ int x;
if ((group = pbx_builtin_getvar_helper(peer, "SPYGROUP"))) {
ast_copy_string(dup_group, group, sizeof(dup_group));
num_groups = ast_app_separate_args(dup_group, ':', groups,
@@ -673,35 +669,28 @@
}
if (myenforced) {
-
- /* We don't need to allocate more space than just the
- length of (peer->name) for ext as we will cut the
- channel name's ending before copying into ext */
-
- ext = alloca(strlen(peer->name));
-
- form_enforced = alloca(strlen(myenforced) + 3);
-
- strcpy(form_enforced, ":");
- strcat(form_enforced, myenforced);
- strcat(form_enforced, ":");
-
- buffer = ast_strdupa(peer->name);
-
- if ((end = strchr(buffer, '-'))) {
+ char ext[AST_CHANNEL_NAME + 3];
+ char buffer[512];
+ char *end;
+
+ snprintf(buffer, sizeof(buffer) - 1, ":%s:", myenforced);
+
+ ast_copy_string(ext + 1, peer->name, sizeof(ext) - 1);
+ if ((end = strchr(ext, '-'))) {
*end++ = ':';
*end = '\0';
}
- strcpy(ext, ":");
- strcat(ext, buffer);
-
- if (strcasestr(form_enforced, ext))
+ ext[0] = ':';
+
+ if (strcasestr(buffer, ext)) {
ienf = 1;
- }
-
- if (!ienf)
+ }
+ }
+
+ if (!ienf) {
continue;
+ }
strcpy(peer_name, "spy-");
strncat(peer_name, peer->name, AST_NAME_STRLEN - 4 - 1);
More information about the asterisk-commits
mailing list