diff options
author | Corey Farrell <git@cfware.com> | 2017-03-27 10:03:49 -0400 |
---|---|---|
committer | Joshua Colp <jcolp@digium.com> | 2017-04-04 10:12:27 +0000 |
commit | 68bde0f07de7e9e60de1c8d0f027d3863c971269 (patch) | |
tree | ac7029574170c1ef42eefa87e20e2b7d5f77b72e | |
parent | 27b556778dd3368d5531af64237ca29f42d84641 (diff) |
CDR: Protect from data overflow in ast_cdr_setuserfield.
ast_cdr_setuserfield wrote to a fixed length field using strcpy. This could
result in a buffer overrun when called from chan_sip or func_cdr. This patch
adds a maximum bytes written to the field by using ast_copy_string instead.
ASTERISK-26897 #close
patches:
0001-CDR-Protect-from-data-overflow-in-ast_cdr_setuserfie.patch submitted
by Corey Farrell (license #5909)
Change-Id: Ib23ca77e9b9e2803a450e1206af45df2d2fdf65c
-rw-r--r-- | main/cdr.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/main/cdr.c b/main/cdr.c index 2d2f51b3f..e09efe20a 100644 --- a/main/cdr.c +++ b/main/cdr.c @@ -3254,7 +3254,7 @@ void ast_cdr_setuserfield(const char *channel_name, const char *userfield) if (it_cdr->fn_table == &finalized_state_fn_table && it_cdr->next != NULL) { continue; } - strcpy(it_cdr->party_a.userfield, userfield); + ast_copy_string(it_cdr->party_a.userfield, userfield, AST_MAX_USER_FIELD); } ao2_unlock(cdr); } |