[svn-commits] tilghman: branch 1.4 r106552 - in /branches/1.4: apps/ channels/ funcs/ main/

SVN commits to the Digium repositories svn-commits at lists.digium.com
Fri Mar 7 00:36:33 CST 2008


Author: tilghman
Date: Fri Mar  7 00:36:33 2008
New Revision: 106552

URL: http://svn.digium.com/view/asterisk?view=rev&rev=106552
Log:
Safely use the strncat() function.
(closes issue #11958)
 Reported by: norman
 Patches: 
       20080209__bug11958.diff.txt uploaded by Corydon76 (license 14)

Modified:
    branches/1.4/apps/app_chanspy.c
    branches/1.4/apps/app_rpt.c
    branches/1.4/apps/app_speech_utils.c
    branches/1.4/apps/app_voicemail.c
    branches/1.4/channels/chan_misdn.c
    branches/1.4/funcs/func_enum.c
    branches/1.4/main/asterisk.c
    branches/1.4/main/channel.c
    branches/1.4/main/frame.c
    branches/1.4/main/manager.c

Modified: branches/1.4/apps/app_chanspy.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/apps/app_chanspy.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/apps/app_chanspy.c (original)
+++ branches/1.4/apps/app_chanspy.c Fri Mar  7 00:36:33 2008
@@ -579,7 +579,7 @@
 			}
 
 			strcpy(peer_name, "spy-");
-			strncat(peer_name, peer->name, AST_NAME_STRLEN);
+			strncat(peer_name, peer->name, AST_NAME_STRLEN - 4 - 1);
 			ptr = strchr(peer_name, '/');
 			*ptr++ = '\0';
 			
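Review bot: The result of `strchr(peer_name, '/')` is dereferenced on the following line without a NULL check, so a channel name that contains no '/' would crash here; the commit bounds the append but leaves this untouched. A guard such as `if (!ptr) continue;` would close it, adapted to whatever the enclosing loop, which starts outside this hunk, uses to skip a peer. The new bound `AST_NAME_STRLEN - 4 - 1` also hard-codes the length of "spy-" and assumes `peer_name` is `AST_NAME_STRLEN` bytes. `sizeof(peer_name) - strlen(peer_name) - 1` would follow the declaration, which is not visible here.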

Modified: branches/1.4/apps/app_rpt.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/apps/app_rpt.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/apps/app_rpt.c (original)
+++ branches/1.4/apps/app_rpt.c Fri Mar  7 00:36:33 2008
@@ -2427,7 +2427,7 @@
 			}
 			if(!busy){
 				myrpt->macrotimer = MACROTIME;
-				strncat(myrpt->macrobuf,argv[3],MAXMACRO - 1);
+				strncat(myrpt->macrobuf, argv[3], MAXMACRO - strlen(myrpt->macrobuf) - 1);
 			}
 			rpt_mutex_unlock(&myrpt->lock);
 		}
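Review bot: The bound is derived from `MAXMACRO` rather than from the buffer itself, so it is only correct while `macrobuf` is declared with exactly that size, and the declaration is outside these hunks. `sizeof(myrpt->macrobuf) - strlen(myrpt->macrobuf) - 1` would keep the two tied together; the same applies to the hunks at -5090 and -8749. If the fullness test that sets `busy` (not visible here, but shown as "Macro buffer full" in the third hunk) guarantees room for the whole string, a comment saying so would help. If it does not, a macro can now be stored truncated without any log message.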
@@ -5090,7 +5090,7 @@
 		return DC_ERROR;
 	}
 	myrpt->macrotimer = MACROTIME;
-	strncat(myrpt->macrobuf,val,MAXMACRO - 1);
+	strncat(myrpt->macrobuf, val, MAXMACRO - strlen(myrpt->macrobuf) - 1);
 	rpt_mutex_unlock(&myrpt->lock);
 	return DC_COMPLETE;	
 }
@@ -8749,7 +8749,7 @@
 				return; /* Macro buffer full */
 			}
 			myrpt->macrotimer = MACROTIME;
-			strncat(myrpt->macrobuf,val,MAXMACRO - 1);
+			strncat(myrpt->macrobuf,val,MAXMACRO - strlen(myrpt->macrobuf) - 1);
 		}
 		else{
 			ast_log(LOG_WARNING,"Malformed scheduler entry in rpt.conf: %s = %s\n",

Modified: branches/1.4/apps/app_speech_utils.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/apps/app_speech_utils.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/apps/app_speech_utils.c (original)
+++ branches/1.4/apps/app_speech_utils.c Fri Mar  7 00:36:33 2008
@@ -735,7 +735,7 @@
 					}
 					time(&start);
 					snprintf(tmp, sizeof(tmp), "%c", f->subclass);
-					strncat(dtmf, tmp, sizeof(dtmf));
+					strncat(dtmf, tmp, sizeof(dtmf) - strlen(dtmf) - 1);
 					/* If the maximum length of the DTMF has been reached, stop now */
 					if (max_dtmf_len && strlen(dtmf) == max_dtmf_len)
 						done = 1;
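Review bot: Once `dtmf` is full, the corrected `strncat()` appends nothing and the digit is dropped silently. If `max_dtmf_len` is larger than `sizeof(dtmf) - 1`, the `strlen(dtmf) == max_dtmf_len` test below can then never become true, and the loop ends only through its other exits. Consider stopping when the buffer fills, e.g. `if (strlen(dtmf) == sizeof(dtmf) - 1) done = 1;`, or clamping `max_dtmf_len` where it is parsed, which is outside this hunk. The bound also relies on `dtmf` being an array rather than a pointer, which the hunk does not show.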

Modified: branches/1.4/apps/app_voicemail.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/apps/app_voicemail.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/apps/app_voicemail.c (original)
+++ branches/1.4/apps/app_voicemail.c Fri Mar  7 00:36:33 2008
@@ -3842,8 +3842,8 @@
 	make_file(msgfile, sizeof(msgfile), curdir, curmsg);
 	strcpy(textfile, msgfile);
 	strcpy(backup, msgfile);
-	strncat(textfile, ".txt", sizeof(textfile) - 1);
-	strncat(backup, "-bak", sizeof(backup) - 1);
+	strncat(textfile, ".txt", sizeof(textfile) - strlen(textfile) - 1);
+	strncat(backup, "-bak", sizeof(backup) - strlen(backup) - 1);
 
 	if (!(msg_cfg = ast_config_load(textfile))) {
 		return -1;
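Review bot: The two `strcpy()` calls just above the corrected lines are still unbounded, and a suffix that does not fit is now cut off silently, so `ast_config_load()` may be handed a path ending in a partial `.txt`. Building each name in one bounded step and checking for truncation avoids both problems, e.g. `if (snprintf(textfile, sizeof(textfile), "%s.txt", msgfile) >= (int) sizeof(textfile)) return -1;`, and likewise for `backup` with `-bak`. Whether `textfile` and `backup` are at least as large as `msgfile` cannot be seen from this hunk.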

Modified: branches/1.4/channels/chan_misdn.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/channels/chan_misdn.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/channels/chan_misdn.c (original)
+++ branches/1.4/channels/chan_misdn.c Fri Mar  7 00:36:33 2008
@@ -2246,8 +2246,7 @@
 			buf[1]=0;
 			
 			l = sizeof(bc->infos_pending);
-			strncat(bc->infos_pending,buf,l);
-			bc->infos_pending[l-1] = 0;
+			strncat(bc->infos_pending, buf, l - strlen(bc->infos_pending) - 1);
 		}
 		break;
 		case MISDN_CALLING_ACKNOWLEDGE:
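Review bot: With `bc->infos_pending[l-1] = 0;` removed, termination now depends entirely on the destination already holding a NUL-terminated string shorter than `l`. If it is ever unterminated, `strlen()` reads past the array and `l - strlen(...) - 1` wraps to a very large `size_t`. `l` is an `int` in the hunks that declare it, so the expression also mixes signed and unsigned; taking the room as a `size_t` and skipping the append when none is left makes the assumption explicit, e.g. `size_t used = strlen(bc->dad); if (used < sizeof(bc->dad) - 1) strncat(bc->dad, bc->info_dad, sizeof(bc->dad) - used - 1);`. The same pattern applies to the `bc->dad` appends in the hunks at -2257, -4054, -4133 and -4436. The `strncpy()` into `ch->ast->exten` in the -4054 hunk ends at the hunk boundary, so its terminator cannot be checked from here.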
@@ -2257,8 +2256,7 @@
 			
 			{
 				int l = sizeof(bc->dad);
-				strncat(bc->dad,bc->info_dad, l - strlen(bc->dad));
-				bc->dad[l-1] = 0;
+				strncat(bc->dad, bc->info_dad, l - strlen(bc->dad) - 1);
 			}
 			{
 				int l = sizeof(p->ast->exten);
@@ -4054,8 +4052,7 @@
 			}
 
 			l = sizeof(bc->dad);
-			strncat(bc->dad,bc->info_dad, l);
-			bc->dad[l-1] = 0;
+			strncat(bc->dad,bc->info_dad, l - strlen(bc->dad) - 1);
 
 			l = sizeof(ch->ast->exten);
 			strncpy(ch->ast->exten, bc->dad, l);
@@ -4133,8 +4130,7 @@
 			if (ch->state != MISDN_CONNECTED ) {
 				if (digits) {
 					int l = sizeof(bc->dad);
-					strncat(bc->dad,bc->info_dad, l);
-					bc->dad[l-1] = 0;
+					strncat(bc->dad, bc->info_dad, l - strlen(bc->dad) - 1);
 					l = sizeof(ch->ast->exten);
 					strncpy(ch->ast->exten, bc->dad, l);
 					ch->ast->exten[l-1] = 0;
@@ -4436,8 +4432,7 @@
 			
 			{
 				int l = sizeof(bc->dad);
-				strncat(bc->dad,bc->infos_pending, l - strlen(bc->dad));
-				bc->dad[l-1] = 0;
+				strncat(bc->dad, bc->infos_pending, l - strlen(bc->dad) - 1);
 			}	
 		
 			if (!ch->ast) break;

Modified: branches/1.4/funcs/func_enum.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/funcs/func_enum.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/funcs/func_enum.c (original)
+++ branches/1.4/funcs/func_enum.c Fri Mar  7 00:36:33 2008
@@ -98,7 +98,7 @@
 	for (s = p = args.number; *s; s++) {
 		if (*s != '-') {
 			snprintf(tmp, sizeof(tmp), "%c", *s);
-			strncat(num, tmp, sizeof(num));
+			strncat(num, tmp, sizeof(num) - strlen(num) - 1);
 		}
 
 	}
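Review bot: A number longer than `num` is now truncated silently, and the code after the loop (outside this hunk) presumably performs the lookup on the shortened string. Detecting the overflow and failing the call would be safer than querying a different number. The per-character `snprintf()` plus `strncat()` also rescans `num` for every digit. Writing through an index, `if (len < sizeof(num) - 1) num[len++] = *s;` with `num[len] = '\0';` after the loop, does the same job with a single visible bounds check.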

Modified: branches/1.4/main/asterisk.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/main/asterisk.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/main/asterisk.c (original)
+++ branches/1.4/main/asterisk.c Fri Mar  7 00:36:33 2008
@@ -1932,9 +1932,10 @@
 		if (color_used) {
 			/* Force colors back to normal at end */
 			term_color_code(term_code, COLOR_WHITE, COLOR_BLACK, sizeof(term_code));
-			if (strlen(term_code) > sizeof(prompt) - strlen(prompt)) {
-				strncat(prompt + sizeof(prompt) - strlen(term_code) - 1, term_code, strlen(term_code));
+			if (strlen(term_code) > sizeof(prompt) - strlen(prompt) - 1) {
+				ast_copy_string(prompt + sizeof(prompt) - strlen(term_code) - 1, term_code, strlen(term_code) + 1);
 			} else {
+				/* This looks wrong, but we've already checked the length of term_code to ensure it's safe */
 				strncat(p, term_code, sizeof(term_code));
 			}
 		}
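Review bot: The `strncat(p, term_code, sizeof(term_code))` in the else branch is still bounded by the size of the source, and the added comment asks the reader to trust the check above rather than making the call evidently safe. Bounding it by the room left in the destination, `strncat(p, term_code, sizeof(prompt) - strlen(prompt) - 1);`, would let the comment go. Both branches also depend on `prompt` being NUL-terminated at this point so that `strlen(prompt)` is meaningful. Since `p` appears to be a write cursor into `prompt`, that should be confirmed in the code before this hunk.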

Modified: branches/1.4/main/channel.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/main/channel.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/main/channel.c (original)
+++ branches/1.4/main/channel.c Fri Mar  7 00:36:33 2008
@@ -4373,12 +4373,12 @@
 	for (i = 0; i <= 63; i++) {	/* Max group is 63 */
 		if (group & ((ast_group_t) 1 << i)) {
 	   		if (!first) {
-				strncat(buf, ", ", buflen);
+				strncat(buf, ", ", buflen - strlen(buf) - 1);
 			} else {
 				first=0;
 	  		}
 			snprintf(num, sizeof(num), "%u", i);
-			strncat(buf, num, buflen);
+			strncat(buf, num, buflen - strlen(buf) - 1);
 		}
 	}
 	return buf;
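Review bot: Both new bounds compute `buflen - strlen(buf) - 1` without checking that `buflen` is non-zero. With `buflen == 0`, or a `buf` that is not terminated within `buflen`, the subtraction wraps once converted to `size_t` and `strncat()` is effectively unbounded. Unless a guard outside this hunk already rejects that case, add `if (buflen < 1) return buf;` before the loop. The function's signature and the initialisation of `buf` are not visible here.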

Modified: branches/1.4/main/frame.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/main/frame.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/main/frame.c (original)
+++ branches/1.4/main/frame.c Fri Mar  7 00:36:33 2008
@@ -1091,16 +1091,16 @@
 			slen = strlen(formatname);
 			if(slen > total_len)
 				break;
-			strncat(buf,formatname,total_len);
+			strncat(buf, formatname, total_len - 1); /* safe */
 			total_len -= slen;
 		}
 		if(total_len && x < 31 && ast_codec_pref_index(pref , x + 1)) {
-			strncat(buf,"|",total_len);
+			strncat(buf, "|", total_len - 1); /* safe */
 			total_len--;
 		}
 	}
 	if(total_len) {
-		strncat(buf,")",total_len);
+		strncat(buf, ")", total_len - 1); /* safe */
 		total_len--;
 	}
 
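Review bot: The three `/* safe */` comments assert a conclusion without the invariant that justifies it. The calls are only safe if `total_len` is the space left in `buf` counting the terminator, and that is set up before this hunk. A comment such as `/* total_len = bytes left in buf, including the NUL */` at the first call would let a reader verify it. Note also that when `slen == total_len` the `slen > total_len` test does not break out, so the format name is appended one character short.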

Modified: branches/1.4/main/manager.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/main/manager.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/main/manager.c (original)
+++ branches/1.4/main/manager.c Fri Mar  7 00:36:33 2008
@@ -206,10 +206,10 @@
 	for (i = 0; i < (sizeof(perms) / sizeof(perms[0])) - 1; i++) {
 		if (authority & perms[i].num) {
 			if (*res) {
-				strncat(res, ",", (reslen > running_total) ? reslen - running_total : 0);
+				strncat(res, ",", (reslen > running_total) ? reslen - running_total - 1 : 0);
 				running_total++;
 			}
-			strncat(res, perms[i].label, (reslen > running_total) ? reslen - running_total : 0);
+			strncat(res, perms[i].label, (reslen > running_total) ? reslen - running_total - 1 : 0);
 			running_total += strlen(perms[i].label);
 		}
 	}



