[asterisk-commits] lmadsen: tag 1.8.1.2 r302149 - in /tags/1.8.1.2: ./ main/
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Mon Jan 17 12:59:12 CST 2011
Author: lmadsen
Date: Mon Jan 17 12:59:07 2011
New Revision: 302149
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=302149
Log:
AST-2011-001
Removed:
tags/1.8.1.2/asterisk-1.8.1-summary.html
tags/1.8.1.2/asterisk-1.8.1-summary.txt
tags/1.8.1.2/asterisk-1.8.1.1-summary.html
tags/1.8.1.2/asterisk-1.8.1.1-summary.txt
Modified:
tags/1.8.1.2/.version
tags/1.8.1.2/ChangeLog
tags/1.8.1.2/main/utils.c
Modified: tags/1.8.1.2/.version
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.1.2/.version?view=diff&rev=302149&r1=302148&r2=302149
==============================================================================
--- tags/1.8.1.2/.version (original)
+++ tags/1.8.1.2/.version Mon Jan 17 12:59:07 2011
@@ -1,1 +1,1 @@
-1.8.1.1
+1.8.1.2
Modified: tags/1.8.1.2/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.1.2/ChangeLog?view=diff&rev=302149&r1=302148&r2=302149
==============================================================================
--- tags/1.8.1.2/ChangeLog (original)
+++ tags/1.8.1.2/ChangeLog Mon Jan 17 12:59:07 2011
@@ -1,3 +1,9 @@
+2011-01-17 Leif Madsen <lmadsen at digium.com>
+
+ * Asterisk 1.8.1.2 Released.
+
+ * AST-2011-001: Stack buffer overflow in SIP channel driver
+
2010-12-13 Leif Madsen <lmadsen at digium.com>
* Asterisk 1.8.1.1 Released.
Modified: tags/1.8.1.2/main/utils.c
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.1.2/main/utils.c?view=diff&rev=302149&r1=302148&r2=302149
==============================================================================
--- tags/1.8.1.2/main/utils.c (original)
+++ tags/1.8.1.2/main/utils.c Mon Jan 17 12:59:07 2011
@@ -383,33 +383,32 @@
char *ast_uri_encode(const char *string, char *outbuf, int buflen, int do_special_char)
{
const char *ptr = string; /* Start with the string */
- char *out = NULL;
- char *buf = NULL;
+ char *out = outbuf;
const char *mark = "-_.!~*'()"; /* no encode set, RFC 2396 section 2.3, RFC 3261 sec 25 */
- ast_copy_string(outbuf, string, buflen);
-
- while (*ptr) {
+
+ while (*ptr && out - outbuf < buflen - 1) {
if ((const signed char) *ptr < 32 || *ptr == 0x7f || *ptr == '%' ||
(do_special_char &&
!(*ptr >= '0' && *ptr <= '9') && /* num */
!(*ptr >= 'A' && *ptr <= 'Z') && /* ALPHA */
!(*ptr >= 'a' && *ptr <= 'z') && /* alpha */
!strchr(mark, *ptr))) { /* mark set */
-
- /* Oops, we need to start working here */
- if (!buf) {
- buf = outbuf;
- out = buf + (ptr - string) ; /* Set output ptr */
+ if (out - outbuf >= buflen - 3) {
+ break;
}
+
out += sprintf(out, "%%%02X", (unsigned char) *ptr);
- } else if (buf) {
+ } else {
*out = *ptr; /* Continue copying the string */
out++;
}
ptr++;
}
- if (buf)
+
+ if (buflen) {
*out = '\0';
+ }
+
return outbuf;
}
More information about the asterisk-commits
mailing list