[Asterisk-code-review] res_pjsip_registrar.c: Prevent possible buffer overflow with domain a... (asterisk[16])

Friendly Automation asteriskteam at digium.com
Fri Dec 6 08:55:28 CST 2019


Friendly Automation has submitted this change. ( https://gerrit.asterisk.org/c/asterisk/+/13356 )

Change subject: res_pjsip_registrar.c: Prevent possible buffer overflow with domain aliases
......................................................................

res_pjsip_registrar.c: Prevent possible buffer overflow with domain aliases

We're appropriately sizing the id_domain_alias buffer, but then copying the data
into the id_domain one. We were then using the uninitialized id_domain_alias
buffer we just allocated.

This is ASTERISK~28641 adjacent, but significant enough to warrant its own
patch.

Change-Id: I81c38724d18deab8c6573153e2b99dbb6e2f33d9
---
M res/res_pjsip_registrar.c
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Joshua Colp: Looks good to me, but someone else must approve
  George Joseph: Looks good to me, approved
  Friendly Automation: Approved for Submit



diff --git a/res/res_pjsip_registrar.c b/res/res_pjsip_registrar.c
index 62b738a..953be20 100644
--- a/res/res_pjsip_registrar.c
+++ b/res/res_pjsip_registrar.c
@@ -975,7 +975,7 @@
 	if (alias) {
 		char *id_domain_alias = ast_alloca(strlen(username) + strlen(alias->domain) + 2);
 
-		sprintf(id_domain, "%s@%s", username, alias->domain);
+		sprintf(id_domain_alias, "%s@%s", username, alias->domain);
 		ao2_cleanup(alias);
 
 		configured_aors = strcpy(aors_buf, aors);/* Safe */
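Review bot: the corrected `+` line still uses an unbounded sprintf(), so its safety depends entirely on the ast_alloca() size expression two lines above staying in step with the format string. That is the same kind of destination/size mismatch this change fixes. Consider computing the length once into a local (strlen(username) + strlen(alias->domain) + 2) and writing with snprintf(id_domain_alias, len, "%s@%s", username, alias->domain), so the bound travels with the destination and a future wrong-buffer slip truncates instead of overrunning. A short comment would also help here, stating that the +2 covers the '@' and the terminating NUL, in the way the context line below already annotates its strcpy() as safe.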

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/13356
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 16
Gerrit-Change-Id: I81c38724d18deab8c6573153e2b99dbb6e2f33d9
Gerrit-Change-Number: 13356
Gerrit-PatchSet: 2
Gerrit-Owner: Sean Bright <sean.bright at gmail.com>
Gerrit-Reviewer: Benjamin Keith Ford <bford at digium.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-MessageType: merged