[asterisk-commits] lmadsen: tag 1.4.38.1 r302144 - in /tags/1.4.38.1: ./ main/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Jan 17 12:57:44 CST 2011 

Author: lmadsen
Date: Mon Jan 17 12:57:40 2011
New Revision: 302144

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=302144
Log:
AST-2011-001

Removed:
    tags/1.4.38.1/asterisk-1.4.38-summary.html
    tags/1.4.38.1/asterisk-1.4.38-summary.txt
Modified:
    tags/1.4.38.1/.version
    tags/1.4.38.1/ChangeLog
    tags/1.4.38.1/main/utils.c

Modified: tags/1.4.38.1/.version
URL: http://svnview.digium.com/svn/asterisk/tags/1.4.38.1/.version?view=diff&rev=302144&r1=302143&r2=302144
==============================================================================
--- tags/1.4.38.1/.version (original)
+++ tags/1.4.38.1/.version Mon Jan 17 12:57:40 2011
@@ -1,1 +1,1 @@
-1.4.38
+1.4.38.1

Modified: tags/1.4.38.1/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/1.4.38.1/ChangeLog?view=diff&rev=302144&r1=302143&r2=302144
==============================================================================
--- tags/1.4.38.1/ChangeLog (original)
+++ tags/1.4.38.1/ChangeLog Mon Jan 17 12:57:40 2011
@@ -1,3 +1,9 @@
+2010-01-17  Leif Madsen <lmadsen at digium.com>
+
+	* Asterisk 1.4.38.1 Released.
+
+	* AST-2011-001: Stack buffer overflow in SIP channel driver
+
 2010-12-02  Leif Madsen <lmadsen at digium.com>
 
 	* Asterisk 1.4.38 Released.

Modified: tags/1.4.38.1/main/utils.c
URL: http://svnview.digium.com/svn/asterisk/tags/1.4.38.1/main/utils.c?view=diff&rev=302144&r1=302143&r2=302144
==============================================================================
--- tags/1.4.38.1/main/utils.c (original)
+++ tags/1.4.38.1/main/utils.c Mon Jan 17 12:57:40 2011
@@ -387,28 +387,27 @@
 	char *reserved = ";/?:@&=+$,# ";	/* Reserved chars */
 
  	const char *ptr  = string;	/* Start with the string */
-	char *out = NULL;
-	char *buf = NULL;
-
-	ast_copy_string(outbuf, string, buflen);
-
-	/* If there's no characters to convert, just go through and don't do anything */
-	while (*ptr) {
+	char *out = outbuf;
+
+	/* If there's no characters to convert, just go through and copy the string */
+	while (*ptr && out - outbuf < buflen - 1) {
 		if ((*ptr < 32) || (doreserved && strchr(reserved, *ptr))) {
-			/* Oops, we need to start working here */
-			if (!buf) {
-				buf = outbuf;
-				out = buf + (ptr - string) ;	/* Set output ptr */
+			if (out - outbuf >= buflen - 3) {
+				break;
 			}
+
 			out += sprintf(out, "%%%02x", (unsigned char) *ptr);
-		} else if (buf) {
-			*out = *ptr;	/* Continue copying the string */
+		} else {
+			*out = *ptr;	/* copy the character */
 			out++;
-		} 
+		}
 		ptr++;
 	}
-	if (buf)
+
+	if (buflen) {
 		*out = '\0';
+	}
+
 	return outbuf;
 }

More information about the asterisk-commits mailing list