diff options
author | Joshua Colp <jcolp@digium.com> | 2016-03-03 10:26:10 -0400 |
---|---|---|
committer | Joshua Colp <jcolp@digium.com> | 2016-03-03 10:43:20 -0600 |
commit | 6af7fc4c37b314ba2bf3380d44c7e4ac409787e2 (patch) | |
tree | 4f8a71ba0fa8c529593b5215fba13ad321893f10 | |
parent | b78ec68c391a7ecbddc5a5f455d9c76b00e7ae9c (diff) |
res_pjsip_dtmf_info: NULL terminate the message body.
PJSIP does not ensure that when printing the message body the
buffer will be NULL terminated. This is problematic when searching
for the signal and duration values of the DTMF.
This change ensures the buffer is always NULL terminated.
Change-Id: I52653a1a60c93092d06af31a27408d569cc98968
-rw-r--r-- | res/res_pjsip_dtmf_info.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/res/res_pjsip_dtmf_info.c b/res/res_pjsip_dtmf_info.c index 78d529c30..47ccd1ae5 100644 --- a/res/res_pjsip_dtmf_info.c +++ b/res/res_pjsip_dtmf_info.c @@ -82,14 +82,13 @@ static char get_event(const char *c) static int dtmf_info_incoming_request(struct ast_sip_session *session, struct pjsip_rx_data *rdata) { pjsip_msg_body *body = rdata->msg_info.msg->body; - char buf[body ? body->len : 0]; + char buf[body ? body->len + 1 : 1]; char *cur = buf; char *line; - char event = '\0'; unsigned int duration = 100; - char is_dtmf; + int res; if (!session->channel) { return 0; @@ -107,7 +106,12 @@ static int dtmf_info_incoming_request(struct ast_sip_session *session, struct pj return 0; } - body->print_body(body, buf, body->len); + res = body->print_body(body, buf, body->len); + if (res < 0) { + send_response(session, rdata, 500); + return 0; + } + buf[res] = '\0'; if (is_dtmf) { /* directly use what is in the message body */ |