<p>George Joseph <strong>merged</strong> this change.</p><p><a href="https://gerrit.asterisk.org/7127">View Change</a></p><div style="white-space:pre-wrap">Approvals:
Jenkins2: Verified
Joshua Colp: Looks good to me, but someone else must approve
George Joseph: Looks good to me, approved; Approved for Submit
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun<br><br>cdr_object_update_party_b_userfield_cb() could overrun the fixed buffer if<br>the supplied string is too long. The long string could be supplied by<br>external means using the CDR(userfield) function.<br><br>This may seem reminiscent of AST-2017-001 (ASTERISK_26897) and it is. The<br>earlier patch fixed the buffer overrun for Party A's userfield while this<br>patch fixes the same thing for Party B's userfield.<br><br>ASTERISK-27337<br><br>Change-Id: I0fa767f65ecec7e676ca465306ff9e0edbf3b652<br>---<br>M main/cdr.c<br>1 file changed, 4 insertions(+), 2 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/main/cdr.c b/main/cdr.c<br>index 09355a1..38b6973 100644<br>--- a/main/cdr.c<br>+++ b/main/cdr.c<br>@@ -3232,7 +3232,8 @@<br> }<br> if (it_cdr->party_b.snapshot<br> && !strcasecmp(it_cdr->party_b.snapshot->name, info->channel_name)) {<br>- strcpy(it_cdr->party_b.userfield, info->userfield);<br>+ ast_copy_string(it_cdr->party_b.userfield, info->userfield,<br>+ sizeof(it_cdr->party_b.userfield));<br> }<br> }<br> return 0;<br>@@ -3254,7 +3255,8 @@<br> if (it_cdr->fn_table == &finalized_state_fn_table) {<br> continue;<br> }<br>- ast_copy_string(it_cdr->party_a.userfield, userfield, AST_MAX_USER_FIELD);<br>+ ast_copy_string(it_cdr->party_a.userfield, userfield,<br>+ sizeof(it_cdr->party_a.userfield));<br> }<br> ao2_unlock(cdr);<br> }<br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/7127">change 7127</a>.</p>
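Review bot: In the first hunk (@@ -3232), the bounded copy into it_cdr->party_b.userfield now truncates an over-long info->userfield silently, and the length is still only enforced at this sink rather than where the CDR(userfield) value enters. Consider logging a warning when the source is longer than the destination, or rejecting or clamping the value at the point where info->userfield is populated, so that every consumer sees an already-bounded string. Since the commit message says this is the same defect AST-2017-001 fixed for Party A, it would also be worth stating in the change whether the remaining strcpy() calls in main/cdr.c that write to userfield members were audited, so a third advisory for the same pattern is not needed.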
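Review bot: In the second hunk (@@ -3254), swapping AST_MAX_USER_FIELD for sizeof(it_cdr->party_a.userfield) is not mentioned in the commit message, which only describes the Party B overrun. Please note it there as a consistency change so that backporters do not read it as a second fix. The sizeof form in both hunks is only correct while userfield is declared as a fixed array inside the party structures; if either member is ever changed to a pointer, the size passed to ast_copy_string() becomes the pointer size without any compiler diagnostic. A short comment at the member declaration, or a compile-time check that the member's size matches the constant used to declare it, would keep that assumption visible.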
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: certified/13.13 </div>
<div style="display:none"> Gerrit-MessageType: merged </div>
<div style="display:none"> Gerrit-Change-Id: I0fa767f65ecec7e676ca465306ff9e0edbf3b652 </div>
<div style="display:none"> Gerrit-Change-Number: 7127 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: George Joseph <gjoseph@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: George Joseph <gjoseph@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins2 </div>
<div style="display:none"> Gerrit-Reviewer: Joshua Colp <jcolp@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Richard Mudgett <rmudgett@digium.com> </div>