[asterisk-commits] mnick: branch 1.4 r221153 - /branches/1.4/funcs/func_strings.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Wed Sep 30 10:37:42 CDT 2009
Author: mnick
Date: Wed Sep 30 10:37:39 2009
New Revision: 221153
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=221153
Log:
check bounds - prevents buffer overflow
Modified:
branches/1.4/funcs/func_strings.c
Modified: branches/1.4/funcs/func_strings.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.4/funcs/func_strings.c?view=diff&rev=221153&r1=221152&r2=221153
==============================================================================
--- branches/1.4/funcs/func_strings.c (original)
+++ branches/1.4/funcs/func_strings.c Wed Sep 30 10:37:39 2009
@@ -384,6 +384,12 @@
static int quote(struct ast_channel *chan, char *cmd, char *data, char *buf, size_t len)
{
char *bufptr = buf, *dataptr = data;
+
+ if (len < 3){ /* at least two for quotes and one for binary zero */
+ ast_log(LOG_ERROR, "Not enough buffer");
+ return -1;
+ }
+
if (ast_strlen_zero(data)) {
ast_log(LOG_WARNING, "No argument specified!\n");
ast_copy_string(buf, "\"\"", len);
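Review bot: The new `ast_log(LOG_ERROR, "Not enough buffer");` call has no trailing newline, unlike the `"No argument specified!\n"` message just below it, so the error will run into the next log line; it should read `ast_log(LOG_ERROR, "Not enough buffer\n");`. The early `return -1` also leaves `buf` unwritten, so a caller that ignores the return value would read whatever the buffer held before; whether any caller does so is not visible here, but `if (len) buf[0] = '\0';` before the return would make that path safe either way. The `if (len < 3){` line is missing the space before the brace that `if (ast_strlen_zero(data)) {` uses. The body of quote() continues outside the hunk.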
@@ -391,7 +397,7 @@
}
*bufptr++ = '"';
- for (; bufptr < buf + len - 1; dataptr++) {
+ for (; bufptr < buf + len - 3; dataptr++) {
if (*dataptr == '\\') {
*bufptr++ = '\\';
*bufptr++ = '\\';
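Review bot: The `3` in the new loop bound `buf + len - 3` is undocumented and does not mean the same thing as the `3` in the `len < 3` guard added earlier in this commit: here it reserves the second byte of a two-byte escape plus, presumably, the closing quote and terminating NUL written after the loop (those writes are outside the hunk). A comment above the loop such as `/* stop early enough for a two-byte escape, the closing quote and the NUL */` would keep a later edit from loosening the bound by mistake. As far as the hunk shows, input that does not fit is cut off without any log message, so a caller cannot tell a truncated quoted string from a complete one; a `LOG_WARNING` on that path would help. The loop body continues past the end of the hunk.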