[asterisk-commits] mjordan: trunk r378410 - in /trunk: ./ res/res_xmpp.c

[SVN commits to the Asterisk project]

Author: mjordan
Date: Thu Jan  3 09:37:31 2013
New Revision: 378410

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=378410
Log:
Prevent crashes in res_xmpp when receiving large messages

Similar to r378287, res_xmpp was marshaling data read from an external source
onto the stack. For a sufficiently large message, this could cause a stack
overflow. This patch modifies res_xmpp in a similar fashion to res_jabber by
removing the stack allocation, as it was unnecessary.

(issue ASTERISK-20658)
Reported by: wdoekes
........

Merged revisions 378409 from http://svn.asterisk.org/svn/asterisk/branches/11

Modified:
    trunk/   (props changed)
    trunk/res/res_xmpp.c

Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-11-merged' - no diff available.

Modified: trunk/res/res_xmpp.c
URL: http://svnview.digium.com/svn/asterisk/trunk/res/res_xmpp.c?view=diff&rev=378410&r1=378409&r2=378410
==============================================================================
--- trunk/res/res_xmpp.c (original)
+++ trunk/res/res_xmpp.c Thu Jan  3 09:37:31 2013
@@ -1846,7 +1846,7 @@
 {
 	RAII_VAR(struct xmpp_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup);
 	RAII_VAR(struct ast_xmpp_client_config *, clientcfg, NULL, ao2_cleanup);
-	char *aux = NULL, *parse = NULL;
+	char *parse = NULL;
 	int timeout, jidlen, resourcelen, found = 0;
 	struct timeval start;
 	long diff = 0;
@@ -1960,7 +1960,7 @@
 				continue;
 			}
 			found = 1;
-			aux = ast_strdupa(message->message);
+			ast_copy_string(buf, message->message, buflen);
 			AST_LIST_REMOVE_CURRENT(list);
 			xmpp_message_destroy(message);
 			break;
@@ -1984,7 +1984,6 @@
 		ast_log(LOG_NOTICE, "Timed out : no message received from %s\n", args.jid);
 		return -1;
 	}
-	ast_copy_string(buf, aux, buflen);
 
 	return 0;
 }