[svn-commits] tilghman: branch 1.4 r106552 - in /branches/1.4: apps/ channels/ funcs/ main/
SVN commits to the Digium repositories
svn-commits at lists.digium.com
Fri Mar 7 00:36:33 CST 2008
Author: tilghman
Date: Fri Mar 7 00:36:33 2008
New Revision: 106552
URL: http://svn.digium.com/view/asterisk?view=rev&rev=106552
Log:
Safely use the strncat() function.
(closes issue #11958)
Reported by: norman
Patches:
20080209__bug11958.diff.txt uploaded by Corydon76 (license 14)
Modified:
branches/1.4/apps/app_chanspy.c
branches/1.4/apps/app_rpt.c
branches/1.4/apps/app_speech_utils.c
branches/1.4/apps/app_voicemail.c
branches/1.4/channels/chan_misdn.c
branches/1.4/funcs/func_enum.c
branches/1.4/main/asterisk.c
branches/1.4/main/channel.c
branches/1.4/main/frame.c
branches/1.4/main/manager.c
Modified: branches/1.4/apps/app_chanspy.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/apps/app_chanspy.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/apps/app_chanspy.c (original)
+++ branches/1.4/apps/app_chanspy.c Fri Mar 7 00:36:33 2008
@@ -579,7 +579,7 @@
}
strcpy(peer_name, "spy-");
- strncat(peer_name, peer->name, AST_NAME_STRLEN);
+ strncat(peer_name, peer->name, AST_NAME_STRLEN - 4 - 1);
ptr = strchr(peer_name, '/');
*ptr++ = '\0';
Modified: branches/1.4/apps/app_rpt.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/apps/app_rpt.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/apps/app_rpt.c (original)
+++ branches/1.4/apps/app_rpt.c Fri Mar 7 00:36:33 2008
@@ -2427,7 +2427,7 @@
}
if(!busy){
myrpt->macrotimer = MACROTIME;
- strncat(myrpt->macrobuf,argv[3],MAXMACRO - 1);
+ strncat(myrpt->macrobuf, argv[3], MAXMACRO - strlen(myrpt->macrobuf) - 1);
}
rpt_mutex_unlock(&myrpt->lock);
}
@@ -5090,7 +5090,7 @@
return DC_ERROR;
}
myrpt->macrotimer = MACROTIME;
- strncat(myrpt->macrobuf,val,MAXMACRO - 1);
+ strncat(myrpt->macrobuf, val, MAXMACRO - strlen(myrpt->macrobuf) - 1);
rpt_mutex_unlock(&myrpt->lock);
return DC_COMPLETE;
}
@@ -8749,7 +8749,7 @@
return; /* Macro buffer full */
}
myrpt->macrotimer = MACROTIME;
- strncat(myrpt->macrobuf,val,MAXMACRO - 1);
+ strncat(myrpt->macrobuf,val,MAXMACRO - strlen(myrpt->macrobuf) - 1);
}
else{
ast_log(LOG_WARNING,"Malformed scheduler entry in rpt.conf: %s = %s\n",
Modified: branches/1.4/apps/app_speech_utils.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/apps/app_speech_utils.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/apps/app_speech_utils.c (original)
+++ branches/1.4/apps/app_speech_utils.c Fri Mar 7 00:36:33 2008
@@ -735,7 +735,7 @@
}
time(&start);
snprintf(tmp, sizeof(tmp), "%c", f->subclass);
- strncat(dtmf, tmp, sizeof(dtmf));
+ strncat(dtmf, tmp, sizeof(dtmf) - strlen(dtmf) - 1);
/* If the maximum length of the DTMF has been reached, stop now */
if (max_dtmf_len && strlen(dtmf) == max_dtmf_len)
done = 1;
Modified: branches/1.4/apps/app_voicemail.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/apps/app_voicemail.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/apps/app_voicemail.c (original)
+++ branches/1.4/apps/app_voicemail.c Fri Mar 7 00:36:33 2008
@@ -3842,8 +3842,8 @@
make_file(msgfile, sizeof(msgfile), curdir, curmsg);
strcpy(textfile, msgfile);
strcpy(backup, msgfile);
- strncat(textfile, ".txt", sizeof(textfile) - 1);
- strncat(backup, "-bak", sizeof(backup) - 1);
+ strncat(textfile, ".txt", sizeof(textfile) - strlen(textfile) - 1);
+ strncat(backup, "-bak", sizeof(backup) - strlen(backup) - 1);
if (!(msg_cfg = ast_config_load(textfile))) {
return -1;
Modified: branches/1.4/channels/chan_misdn.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/channels/chan_misdn.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/channels/chan_misdn.c (original)
+++ branches/1.4/channels/chan_misdn.c Fri Mar 7 00:36:33 2008
@@ -2246,8 +2246,7 @@
buf[1]=0;
l = sizeof(bc->infos_pending);
- strncat(bc->infos_pending,buf,l);
- bc->infos_pending[l-1] = 0;
+ strncat(bc->infos_pending, buf, l - strlen(bc->infos_pending) - 1);
}
break;
case MISDN_CALLING_ACKNOWLEDGE:
@@ -2257,8 +2256,7 @@
{
int l = sizeof(bc->dad);
- strncat(bc->dad,bc->info_dad, l - strlen(bc->dad));
- bc->dad[l-1] = 0;
+ strncat(bc->dad, bc->info_dad, l - strlen(bc->dad) - 1);
}
{
int l = sizeof(p->ast->exten);
@@ -4054,8 +4052,7 @@
}
l = sizeof(bc->dad);
- strncat(bc->dad,bc->info_dad, l);
- bc->dad[l-1] = 0;
+ strncat(bc->dad,bc->info_dad, l - strlen(bc->dad) - 1);
l = sizeof(ch->ast->exten);
strncpy(ch->ast->exten, bc->dad, l);
@@ -4133,8 +4130,7 @@
if (ch->state != MISDN_CONNECTED ) {
if (digits) {
int l = sizeof(bc->dad);
- strncat(bc->dad,bc->info_dad, l);
- bc->dad[l-1] = 0;
+ strncat(bc->dad, bc->info_dad, l - strlen(bc->dad) - 1);
l = sizeof(ch->ast->exten);
strncpy(ch->ast->exten, bc->dad, l);
ch->ast->exten[l-1] = 0;
@@ -4436,8 +4432,7 @@
{
int l = sizeof(bc->dad);
- strncat(bc->dad,bc->infos_pending, l - strlen(bc->dad));
- bc->dad[l-1] = 0;
+ strncat(bc->dad, bc->infos_pending, l - strlen(bc->dad) - 1);
}
if (!ch->ast) break;
Modified: branches/1.4/funcs/func_enum.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/funcs/func_enum.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/funcs/func_enum.c (original)
+++ branches/1.4/funcs/func_enum.c Fri Mar 7 00:36:33 2008
@@ -98,7 +98,7 @@
for (s = p = args.number; *s; s++) {
if (*s != '-') {
snprintf(tmp, sizeof(tmp), "%c", *s);
- strncat(num, tmp, sizeof(num));
+ strncat(num, tmp, sizeof(num) - strlen(num) - 1);
}
}
Modified: branches/1.4/main/asterisk.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/main/asterisk.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/main/asterisk.c (original)
+++ branches/1.4/main/asterisk.c Fri Mar 7 00:36:33 2008
@@ -1932,9 +1932,10 @@
if (color_used) {
/* Force colors back to normal at end */
term_color_code(term_code, COLOR_WHITE, COLOR_BLACK, sizeof(term_code));
- if (strlen(term_code) > sizeof(prompt) - strlen(prompt)) {
- strncat(prompt + sizeof(prompt) - strlen(term_code) - 1, term_code, strlen(term_code));
+ if (strlen(term_code) > sizeof(prompt) - strlen(prompt) - 1) {
+ ast_copy_string(prompt + sizeof(prompt) - strlen(term_code) - 1, term_code, strlen(term_code) + 1);
} else {
+ /* This looks wrong, but we've already checked the length of term_code to ensure it's safe */
strncat(p, term_code, sizeof(term_code));
}
}
Modified: branches/1.4/main/channel.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/main/channel.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/main/channel.c (original)
+++ branches/1.4/main/channel.c Fri Mar 7 00:36:33 2008
@@ -4373,12 +4373,12 @@
for (i = 0; i <= 63; i++) { /* Max group is 63 */
if (group & ((ast_group_t) 1 << i)) {
if (!first) {
- strncat(buf, ", ", buflen);
+ strncat(buf, ", ", buflen - strlen(buf) - 1);
} else {
first=0;
}
snprintf(num, sizeof(num), "%u", i);
- strncat(buf, num, buflen);
+ strncat(buf, num, buflen - strlen(buf) - 1);
}
}
return buf;
Modified: branches/1.4/main/frame.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/main/frame.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/main/frame.c (original)
+++ branches/1.4/main/frame.c Fri Mar 7 00:36:33 2008
@@ -1091,16 +1091,16 @@
slen = strlen(formatname);
if(slen > total_len)
break;
- strncat(buf,formatname,total_len);
+ strncat(buf, formatname, total_len - 1); /* safe */
total_len -= slen;
}
if(total_len && x < 31 && ast_codec_pref_index(pref , x + 1)) {
- strncat(buf,"|",total_len);
+ strncat(buf, "|", total_len - 1); /* safe */
total_len--;
}
}
if(total_len) {
- strncat(buf,")",total_len);
+ strncat(buf, ")", total_len - 1); /* safe */
total_len--;
}
Modified: branches/1.4/main/manager.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/main/manager.c?view=diff&rev=106552&r1=106551&r2=106552
==============================================================================
--- branches/1.4/main/manager.c (original)
+++ branches/1.4/main/manager.c Fri Mar 7 00:36:33 2008
@@ -206,10 +206,10 @@
for (i = 0; i < (sizeof(perms) / sizeof(perms[0])) - 1; i++) {
if (authority & perms[i].num) {
if (*res) {
- strncat(res, ",", (reslen > running_total) ? reslen - running_total : 0);
+ strncat(res, ",", (reslen > running_total) ? reslen - running_total - 1 : 0);
running_total++;
}
- strncat(res, perms[i].label, (reslen > running_total) ? reslen - running_total : 0);
+ strncat(res, perms[i].label, (reslen > running_total) ? reslen - running_total - 1 : 0);
running_total += strlen(perms[i].label);
}
}
More information about the svn-commits
mailing list