[Asterisk-cvs] asterisk/channels chan_h323.c,1.70,1.71

markster at lists.digium.com markster at lists.digium.com
Fri Jul 30 16:15:55 CDT 2004


Update of /usr/cvsroot/asterisk/channels
In directory localhost.localdomain:/tmp/cvs-serv1448/channels

Modified Files:
	chan_h323.c 
Log Message:
Fix potential overflow in H.323


Index: chan_h323.c
===================================================================
RCS file: /usr/cvsroot/asterisk/channels/chan_h323.c,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -d -r1.70 -r1.71
--- chan_h323.c	22 Jul 2004 04:24:50 -0000	1.70
+++ chan_h323.c	30 Jul 2004 20:01:58 -0000	1.71
@@ -173,6 +173,9 @@
    when it's doing something critical. */
 AST_MUTEX_DEFINE_STATIC(monlock);
 
+/* Avoid two chan to pass capabilities simultaneaously to the h323 stack. */
+AST_MUTEX_DEFINE_STATIC(caplock);
+
 /* This is the thread for the monitor which checks for input on the channels
    which are not currently in use.  */
 static pthread_t monitor_thread = AST_PTHREADT_NULL;
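Review bot: The comment on `caplock` does not name the call the lock guards, and it misspells "simultaneously". Suggested wording: `/* Serializes calls to h323_set_capability() so that two channels cannot pass capabilities to the H.323 stack at the same time. */`. Only two call sites take the lock in this diff; any other caller of `h323_set_capability` in the file would need it too for the lock to be effective.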
@@ -423,6 +426,11 @@
 
 	ast_log(LOG_DEBUG, "dest=%s, timeout=%d.\n", dest, timeout);
 
+	if (strlen(dest) > sizeof(called_addr) - 1) {
+		ast_log(LOG_DEBUG, "Destination is too long (%d)\n", strlen(dest));
+		return -1;
+	}
+
 	if ((c->_state != AST_STATE_DOWN) && (c->_state != AST_STATE_RESERVED)) {
 		ast_log(LOG_WARNING, "Line is already in use (%s)\n", c->name);
 		return -1;
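Review bot: The added `ast_log` passes `strlen(dest)`, a `size_t`, to a `%d` conversion, which is a format/argument mismatch and undefined behaviour where `size_t` is wider than `int`. Because the call is rejected at this point, a debug-level message is also easy to miss; suggested line: `ast_log(LOG_WARNING, "Destination is too long (%d)\n", (int)strlen(dest));`. The guard compares against `sizeof(called_addr)`, which is the buffer size only if `called_addr` is an array; its declaration is outside the hunk, so that should be confirmed. The enclosing function starts and ends outside the hunk.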
@@ -443,8 +451,8 @@
 	}
 
 	/* Build the address to call */
-	memset(called_addr, 0, sizeof(dest));
-	memcpy(called_addr, dest, sizeof(called_addr));
+	memset(called_addr, 0, sizeof(called_addr));
+	memcpy(called_addr, dest, strlen(dest));
 
 	/* Copy callerid, if there is any */
 	if (c->callerid) {
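Review bot: The new `memcpy(called_addr, dest, strlen(dest))` is bounded only by the length check added in the previous hunk, so the copy overflows again if that guard is ever moved or removed. Bounding the copy where it happens keeps it safe on its own and matches the idiom already used for `p->username` in this file: `strncpy(called_addr, dest, sizeof(called_addr) - 1);` after the `memset`, which leaves the terminator in place. A short comment such as `/* called_addr is zero-filled above, so it stays NUL-terminated */` would record why no explicit terminator is written. The function body continues outside the hunk.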
@@ -890,7 +898,9 @@
 		}
 	}
 	/* pass on our preferred codec to the H.323 stack */
+	ast_mutex_lock(&caplock);
 	h323_set_capability(format, dtmfmode);
+	ast_mutex_unlock(&caplock);
 
 	if (ext) {
 		strncpy(p->username, ext, sizeof(p->username) - 1);
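Review bot: The return value of `h323_set_capability(format, dtmfmode)` is discarded here, while the other call site touched by this commit treats a non-zero result as a failure and returns -1. If the stack can reject the capability set, this path carries on as though the preferred codec had been applied. Consider at least logging it inside the locked region, e.g. `if (h323_set_capability(format, dtmfmode)) ast_log(LOG_WARNING, "Unable to set capabilities\n");`, and make sure any early return added later releases `caplock` first. The enclosing function starts and ends outside the hunk.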
@@ -1725,6 +1735,7 @@
 		}
 		cat = ast_category_browse(cfg, cat);
 	}
+	ast_destroy(cfg);
 
 	/* Register our H.323 aliases if any*/
 	while (alias) {		
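Review bot: Moving `ast_destroy(cfg)` ahead of the alias registration is safe only if nothing used afterwards still points into memory owned by `cfg`. The `while (alias)` loop directly below now runs after the destroy, and the alias list is built outside this hunk, so it should be confirmed that the list holds its own copies of the strings and not pointers into the config. Once verified, a comment at the call such as `/* cfg is not referenced past this point; aliases hold their own copies */` would document the invariant.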
@@ -1736,11 +1747,13 @@
 	}
 
 	/* Add some capabilities */
+	ast_mutex_lock(&caplock);
 	if(h323_set_capability(capability, dtmfmode)) {
 		ast_log(LOG_ERROR, "Capabilities failure, this is bad.\n");
+		ast_mutex_unlock(&caplock);
 		return -1;
-	}	
-	ast_destroy(cfg);
+	}
+	ast_mutex_unlock(&caplock);
 
 	return 0;
 }
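Review bot: `caplock` is released in two places, once on the error path and once after the `if`, which makes it easy for a later edit to add a return that leaves the mutex held. Storing the result in a local and unlocking once keeps a single release point: `res = h323_set_capability(capability, dtmfmode);` then `ast_mutex_unlock(&caplock);` then `if (res) { ... return -1; }`. This needs an `int res` in the function, whose start is outside the hunk, so check whether one is already declared there.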



