[Asterisk-code-review] res_pjsip_registrar.c: Prevent possible buffer overflow with domain a... (asterisk[13])

[Sean Bright]

Sean Bright has uploaded this change for review. ( https://gerrit.asterisk.org/c/asterisk/+/13368 )


Change subject: res_pjsip_registrar.c: Prevent possible buffer overflow with domain aliases
......................................................................

res_pjsip_registrar.c: Prevent possible buffer overflow with domain aliases

We're appropriately sizing the id_domain_alias buffer, but then copying the data
into the id_domain one. This is ASTERISK~28641 adjacent, but significant enough
to warrant its own patch.

Change-Id: I81c38724d18deab8c6573153e2b99dbb6e2f33d9
---
M res/res_pjsip_registrar.c
1 file changed, 1 insertion(+), 1 deletion(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/68/13368/1

diff --git a/res/res_pjsip_registrar.c b/res/res_pjsip_registrar.c
index 2478e4b..af9aa4d 100644
--- a/res/res_pjsip_registrar.c
+++ b/res/res_pjsip_registrar.c
@@ -986,7 +986,7 @@
 	if (alias) {
 		char *id_domain_alias = ast_alloca(strlen(username) + strlen(alias->domain) + 2);
 
-		sprintf(id_domain, "%s@%s", username, alias->domain);
+		sprintf(id_domain_alias, "%s@%s", username, alias->domain);
 		ao2_cleanup(alias);
 
 		configured_aors = strcpy(aors_buf, aors);/* Safe */

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/13368
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Change-Id: I81c38724d18deab8c6573153e2b99dbb6e2f33d9
Gerrit-Change-Number: 13368
Gerrit-PatchSet: 1
Gerrit-Owner: Sean Bright <sean.bright at gmail.com>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20191204/b2a1ff2a/attachment.html>