[asterisk-commits] russell: branch 1.8 r359211 - in /branches/1.8: apps/ channels/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Wed Mar 14 05:03:11 CDT 2012


Author: russell
Date: Wed Mar 14 05:03:07 2012
New Revision: 359211

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=359211
Log:
Fix invalid reads/writes due to incorrect sizeof().

These few places in the code used sizeof() on h_addr in struct hostent.
This is sizeof(char *).  The correct way to get the size of this address is to
use h_length.  This error would result in reads/writes of 8 bytes instead of 4
on 64-bit machines.

Modified:
    branches/1.8/apps/app_externalivr.c
    branches/1.8/channels/chan_iax2.c

Modified: branches/1.8/apps/app_externalivr.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.8/apps/app_externalivr.c?view=diff&rev=359211&r1=359210&r2=359211
==============================================================================
--- branches/1.8/apps/app_externalivr.c (original)
+++ branches/1.8/apps/app_externalivr.c Wed Mar 14 05:03:07 2012
@@ -514,7 +514,7 @@
 		ast_gethostbyname(hostname, &hp);
 		remote_address_tmp.sin_family = AF_INET;
 		remote_address_tmp.sin_port = htons(port);
-		memcpy(&remote_address_tmp.sin_addr.s_addr, hp.hp.h_addr, sizeof(hp.hp.h_addr));
+		memcpy(&remote_address_tmp.sin_addr.s_addr, hp.hp.h_addr, hp.hp.h_length);
 		ast_sockaddr_from_sin(&ivr_desc.remote_address, &remote_address_tmp);
 		if (!(ser = ast_tcptls_client_create(&ivr_desc)) || !(ser = ast_tcptls_client_start(ser))) {
 			goto exit;

Modified: branches/1.8/channels/chan_iax2.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.8/channels/chan_iax2.c?view=diff&rev=359211&r1=359210&r2=359211
==============================================================================
--- branches/1.8/channels/chan_iax2.c (original)
+++ branches/1.8/channels/chan_iax2.c Wed Mar 14 05:03:07 2012
@@ -4362,7 +4362,7 @@
 				if (!strcasecmp(tmp->name, "host")) {
 					struct ast_hostent ahp;
 					struct hostent *hp;
-					if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || (memcmp(hp->h_addr, &sin->sin_addr, sizeof(hp->h_addr)))) {
+					if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || memcmp(hp->h_addr, &sin->sin_addr, hp->h_length)) {
 						/* No match */
 						ast_variables_destroy(var);
 						var = NULL;
@@ -4474,7 +4474,7 @@
 				if (!strcasecmp(tmp->name, "host")) {
 					struct ast_hostent ahp;
 					struct hostent *hp;
-					if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || (memcmp(hp->h_addr, &sin->sin_addr, sizeof(hp->h_addr)))) {
+					if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || memcmp(hp->h_addr, &sin->sin_addr, hp->h_length)) {
 						/* No match */
 						ast_variables_destroy(var);
 						var = NULL;




More information about the asterisk-commits mailing list