<p>George Joseph has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/7126">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun<br><br>cdr_object_update_party_b_userfield_cb() could overrun the fixed buffer if<br>the supplied string is too long. The long string could be supplied by<br>external means using the CDR(userfield) function.<br><br>This may seem reminiscent to AST-2017-001 (ASTERISK_26897) and it is. The<br>earlier patch fixed the buffer overrun for Party A's userfield while this<br>patch fixes the same thing for Party B's userfield.<br><br>ASTERISK-27337<br><br>Change-Id: I0fa767f65ecec7e676ca465306ff9e0edbf3b652<br>---<br>M main/cdr.c<br>1 file changed, 4 insertions(+), 2 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/26/7126/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/main/cdr.c b/main/cdr.c<br>index ecf7bd3..5fd2a75 100644<br>--- a/main/cdr.c<br>+++ b/main/cdr.c<br>@@ -3229,7 +3229,8 @@<br> }<br> if (it_cdr->party_b.snapshot<br> && !strcasecmp(it_cdr->party_b.snapshot->name, info->channel_name)) {<br>- strcpy(it_cdr->party_b.userfield, info->userfield);<br>+ ast_copy_string(it_cdr->party_b.userfield, info->userfield,<br>+ sizeof(it_cdr->party_b.userfield));<br> }<br> }<br> return 0;<br>@@ -3252,7 +3253,8 @@<br> if (it_cdr->fn_table == &finalized_state_fn_table && it_cdr->next != NULL) {<br> continue;<br> }<br>- ast_copy_string(it_cdr->party_a.userfield, userfield, AST_MAX_USER_FIELD);<br>+ ast_copy_string(it_cdr->party_a.userfield, userfield,<br>+ sizeof(it_cdr->party_a.userfield));<br> }<br> ao2_unlock(cdr);<br> }<br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/7126">change 7126</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/7126"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 13.18 </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: I0fa767f65ecec7e676ca465306ff9e0edbf3b652 </div>
<div style="display:none"> Gerrit-Change-Number: 7126 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: George Joseph <gjoseph@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Richard Mudgett <rmudgett@digium.com> </div>